#2131 Remove CSRF token and JWT in cookies

[jakipatryk]

• removed CSRF token from JWT claims and local storage as it is needed when JWT is set in HttpOnly cookie, and currently in Enceladus JWT is saved on frontend side in local storage (so CSRF doesn't seem to be possible)
• removed setting JWT in cookies explicitly on frontend side as this doesn't seem to be useful

Closes #2131 Closes #2130

[Zejnilovic]

FYI @miroslavpojer, this would, in postman, remove the need to use CSRF tokens in API calls.

[miroslavpojer]

FYI @miroslavpojer, this would, in postman, remove the need to use CSRF tokens in API calls.

I can confirm theat create Dataset (POST) and edit Dataset (PUT) endpoint calls are working without CSRF token present. I can update postman collection and commit new version in this branch.

[miroslavpojer]

FYI @miroslavpojer, this would, in postman, remove the need to use CSRF tokens in API calls.

I can confirm theat create Dataset (POST) and edit Dataset (PUT) endpoint calls are working without CSRF token present. I can update postman collection and commit new version in this branch.

CSRF tokens removed from Postman solution in commit - 3e5d1196681c1bbe2ed5a7a85cccb24febf5c98f.

[jakipatryk]

Also, have you looked into XSS protection?

Not really. One way to ensure XSS protection would be to use Angular (it is quite hard to be XSS-vulnerable with Angular as it sanitises everything by default).

[benedeki]

Because run both by @Zejnilovic and @miroslavpojer I've added the PR: Tested label.

[sonarcloud[bot]]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
1 Code Smell

No Coverage information
0.0% Duplication