mirror of https://github.com/portainer/portainer
Disable CSRF protection (#313)
parent
eabf1f10e4
commit
f0e194f63b
|
@ -17,7 +17,6 @@ func (a *api) newHandler(settings *Settings) http.Handler {
|
||||||
)
|
)
|
||||||
|
|
||||||
handler := a.newAPIHandler()
|
handler := a.newAPIHandler()
|
||||||
CSRFHandler := newCSRFHandler(a.dataPath)
|
|
||||||
|
|
||||||
mux.Handle("/", fileHandler)
|
mux.Handle("/", fileHandler)
|
||||||
mux.Handle("/dockerapi/", http.StripPrefix("/dockerapi", handler))
|
mux.Handle("/dockerapi/", http.StripPrefix("/dockerapi", handler))
|
||||||
|
@ -28,7 +27,12 @@ func (a *api) newHandler(settings *Settings) http.Handler {
|
||||||
mux.HandleFunc("/templates", func(w http.ResponseWriter, r *http.Request) {
|
mux.HandleFunc("/templates", func(w http.ResponseWriter, r *http.Request) {
|
||||||
templatesHandler(w, r, a.templatesURL)
|
templatesHandler(w, r, a.templatesURL)
|
||||||
})
|
})
|
||||||
return CSRFHandler(newCSRFWrapper(mux))
|
// CSRF protection is disabled for the moment
|
||||||
|
// CSRFHandler := newCSRFHandler(a.dataPath)
|
||||||
|
// return CSRFHandler(newCSRFWrapper(mux))
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
mux.ServeHTTP(w, r)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// newAPIHandler initializes a new http.Handler based on the URL scheme
|
// newAPIHandler initializes a new http.Handler based on the URL scheme
|
||||||
|
|
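Review bot: With the `CSRFHandler(newCSRFWrapper(mux))` wrapper commented out at the end of `newHandler`, every route on the mux, including the `/dockerapi/` proxy, is served with no anti-CSRF check, and nothing in the new code records when or under what condition the check should come back. If this is temporary, I would tie the comment to a tracking reference and state the exposure, e.g. `// TODO(<tracking issue>): CSRF checks disabled; /dockerapi/ accepts state-changing requests without a token`, and consider gating the wrapper on a field of the `settings` argument rather than commenting code out, so deployments can opt back in. The replacement `http.HandlerFunc` closure only forwards to `mux.ServeHTTP`, so `return mux` would be equivalent and simpler. The body of `newHandler` starts above this hunk, so whether another layer (authentication, Origin checks) sits in front of these routes is not visible here.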
14
app/app.js
14
app/app.js
|
@ -33,9 +33,6 @@ angular.module('portainer', [
|
||||||
.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', function ($stateProvider, $urlRouterProvider, $httpProvider) {
|
.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', function ($stateProvider, $urlRouterProvider, $httpProvider) {
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
$httpProvider.defaults.xsrfCookieName = 'csrfToken';
|
|
||||||
$httpProvider.defaults.xsrfHeaderName = 'X-CSRF-Token';
|
|
||||||
|
|
||||||
$urlRouterProvider.otherwise('/');
|
$urlRouterProvider.otherwise('/');
|
||||||
|
|
||||||
$stateProvider
|
$stateProvider
|
||||||
|
@ -161,6 +158,8 @@ angular.module('portainer', [
|
||||||
});
|
});
|
||||||
|
|
||||||
// The Docker API likes to return plaintext errors, this catches them and disp
|
// The Docker API likes to return plaintext errors, this catches them and disp
|
||||||
|
// $httpProvider.defaults.xsrfCookieName = 'csrfToken';
|
||||||
|
// $httpProvider.defaults.xsrfHeaderName = 'X-CSRF-Token';
|
||||||
$httpProvider.interceptors.push(function() {
|
$httpProvider.interceptors.push(function() {
|
||||||
return {
|
return {
|
||||||
'response': function(response) {
|
'response': function(response) {
|
||||||
|
@ -172,10 +171,11 @@ angular.module('portainer', [
|
||||||
time: 10000
|
time: 10000
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
var csrfToken = response.headers('X-Csrf-Token');
|
// CSRF protection is disabled for the moment
|
||||||
if (csrfToken) {
|
// var csrfToken = response.headers('X-Csrf-Token');
|
||||||
document.cookie = 'csrfToken=' + csrfToken;
|
// if (csrfToken) {
|
||||||
}
|
// document.cookie = 'csrfToken=' + csrfToken;
|
||||||
|
// }
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
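Review bot: The two commented-out `$httpProvider.defaults.xsrf…` lines now sit between the comment `// The Docker API likes to return plaintext errors…` and the interceptor it describes, so that comment reads as if it introduced the XSRF settings. I would either delete the dead lines (version control keeps them) or move them above that comment under their own marker, `// CSRF protection is disabled for the moment`, as the interceptor block already does. When the check is restored, the client and server halves presumably have to be re-enabled together. The `document.cookie = 'csrfToken=' + csrfToken` write is worth revisiting at that point, since as written it sets no cookie attributes such as `Secure` or `SameSite`. The `.config` function and the interceptor both continue outside the visible hunks.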