chore: support different JWT CSRF cookie names (#25891)

2023-11-14 14:01:08 +00:00 · 2023-11-14 14:01:08 +00:00 · 007d22199d
parent 5def416f63
commit 007d22199d
2 changed files with 7 additions and 1 deletions
--- a/superset-frontend/src/setup/setupClient.ts
+++ b/superset-frontend/src/setup/setupClient.ts
@ -18,13 +18,18 @@
 */
 import { SupersetClient, logging, ClientConfig } from '@superset-ui/core';
 import parseCookie from 'src/utils/parseCookie';
+import getBootstrapData from 'src/utils/getBootstrapData';
+
+const bootstrapData = getBootstrapData();

 function getDefaultConfiguration(): ClientConfig {
  const csrfNode = document.querySelector<HTMLInputElement>('#csrf_token');
  const csrfToken = csrfNode?.value;

  // when using flask-jwt-extended csrf is set in cookies
-  const cookieCSRFToken = parseCookie().csrf_access_token || '';
+  const jwtAccessCsrfCookieName =
+    bootstrapData.common.conf.JWT_ACCESS_CSRF_COOKIE_NAME;
+  const cookieCSRFToken = parseCookie()[jwtAccessCsrfCookieName] || '';

  return {
    protocol: ['http:', 'https:'].includes(window?.location?.protocol)
--- a/superset/views/base.py
+++ b/superset/views/base.py
@ -122,6 +122,7 @@ FRONTEND_CONF_KEYS = (
    "ALERT_REPORTS_DEFAULT_WORKING_TIMEOUT",
    "NATIVE_FILTER_DEFAULT_ROW_LIMIT",
    "PREVENT_UNSAFE_DEFAULT_URLS_ON_DATASET",
+    "JWT_ACCESS_CSRF_COOKIE_NAME",
 )

 logger = logging.getLogger(__name__)