  1. camunda BPM
  2. CAM-12208 React Cockpit follow-ups
  3. CAM-12218

[IMPROVEMENT] Simplify accessibility of CSRF token

    • Sub-task
    • Resolution: Fixed
    • L3 - Default
    • 7.14.0, 7.14.0-alpha2

      Problem

      • It is hard for the user to perform modifying requests because of the absence of the CSRF token
      • Previously, the AngularJS Cockpit took care of providing the CSRF token

      Reasoning

      • The getting started experience for users would be better if the CSRF token could be accessed directly from the render method
      • CSRF Prevention is not manifested as a standard so the implemented behavior differs from webapp to webapp (we use the `Set-Cookie` approach) [1]
      • From a user's perspective, it is hard to learn how the CSRF token can be accessed

      Solution

      Pass the CSRF token into the render method.

      [1] https://stackoverflow.com/questions/20504846/why-is-it-common-to-put-csrf-prevention-tokens-in-cookies#answer-20518324
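
      The `Set-Cookie` approach from the client's side, as an added example that is not code from the ticket or from the Camunda code base: the token is read from the cookie string and echoed in a request header on modifying requests only. The cookie name `XSRF-TOKEN`, the header name `X-XSRF-TOKEN`, the sample cookie value and the function names are assumptions made for illustration.

```javascript
// Assumed names; the ticket does not state the cookie or header name.
const CSRF_COOKIE = 'XSRF-TOKEN';
const CSRF_HEADER = 'X-XSRF-TOKEN';
const MODIFYING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Constructed sample of what document.cookie could contain after login.
const SAMPLE_COOKIE = 'JSESSIONID=abc123; XSRF-TOKEN=constructed-token-0001';

// Extract the CSRF token from a cookie string; returns null when absent.
function readCsrfToken(cookieString, name = CSRF_COOKIE) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue; // exact name match only
    const raw = part.slice(eq + 1).trim();
    try {
      return decodeURIComponent(raw) || null;
    } catch {
      return raw || null; // malformed percent-encoding: use the raw value
    }
  }
  return null;
}

// Build fetch() arguments. The token header is attached only to modifying
// requests that stay on the page's own origin, so it is never sent elsewhere.
function buildRequest(url, method, token, pageOrigin) {
  const target = new URL(url, pageOrigin);
  const verb = method.toUpperCase();
  const headers = { 'Content-Type': 'application/json' };
  const sameOrigin = target.origin === new URL(pageOrigin).origin;
  if (MODIFYING.has(verb) && sameOrigin) {
    if (!token) {
      // Fail early instead of letting the server reject the request.
      throw new Error('CSRF token missing: load a page first so the cookie is set');
    }
    headers[CSRF_HEADER] = token;
  }
  return {
    url: target.href,
    options: { method: verb, headers, credentials: 'same-origin' },
  };
}

// Usage in a browser: fetch(req.url, req.options)
const demoToken = readCsrfToken(SAMPLE_COOKIE);
const demoRequest = buildRequest('/api/demo', 'post', demoToken, 'http://localhost:8080');
```

      With the token passed into the render method as the ticket proposes, the cookie-parsing step is no longer needed in plugin code; only the header step remains.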


              hariharan.parasuraman Hariharan Parasuraman
              tassilo.weidner Tassilo Weidner