haobibo
commented
7 years ago any comments?
Jupyter Notebook now provides a function Jupyter.utils.ajax to ensure X-XSRFToken is in AJAX request header.
Closed haobibo closed 7 years ago
haobibo
commented
7 years ago any comments?
Jupyter Notebook now provides a function Jupyter.utils.ajax to ensure X-XSRFToken is in AJAX request header.
lbustelo
commented
7 years ago I think the fix here is better for backwards compat. The only issue is that we don't have our tests running against 4.3 and so I have not way of testing this.
jpizarrom
commented
7 years ago the name should be cookie name
var r = document.cookie.match("\\b" + "_xsrf" + "=([^;]*)\\b");
r = r ? r[1] : undefined;
if(r){
if (!this.$.ajaxPost.headers) {
this.$.ajaxPost.headers = {};
}
this.$.ajaxPost.headers['X-XSRFToken'] = r;
}cc @lbustelo
Replacement for #542 and #542
This PR fix issue mentioned in #538 by adding a XSRF filed in post request header.