[IMPROVEMENT] Simplify accessibility of CSRF token

XMLWordPrintable

    • Type: Sub-task
    • Resolution: Fixed
    • Priority: L3 - Default
    • 7.14.0, 7.14.0-alpha2
    • Affects Version/s: None
    • Component/s: None
    • None

      Problem

      • It is hard to perform modifying requests for the user because of the absence of the CSRF token
      • Previously, the AngularJS Cockpit took care of providing the CSRF token

      Reasoning

      • The getting started experience for users would be better if the CSRF token can be accessed directly from the render method
      • CSRF Prevention is not manifested as a standard so the implemented behavior differs from webapp to webapp (we use the `Set-Cookie` approach) [1]
      • From a user's perspective, it is hard to learn how the CSRF token can be accessed

      Solution

      Pass the CSRF token into the render method.

      [1] https://stackoverflow.com/questions/20504846/why-is-it-common-to-put-csrf-prevention-tokens-in-cookies#answer-20518324

        This is the controller panel for Smart Panels app

              Assignee:
              Hariharan Parasuraman
              Reporter:
              Tassilo Weidner-Mühl
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: