hazza/dspace-angular
1
0
Fork 1
mirror of https://github.com/DSpace/dspace-angular.git synced 2025-10-09 19:13:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add test for xsrf and change to Post so xsrf is tested for validity

Browse Source
This commit is contained in:
Nathan Buckingham
2023-02-03 15:45:44 -05:00
parent 34c07fd904
commit 6d99f51d78
2 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/app/core/auth/server-auth-request.service.ts
View File

@@ -1,6 +1,6 @@
import { Injectable } from '@angular/core';
import { AuthRequestService } from './auth-request.service';
import { GetRequest } from '../data/request.models';
import { PostRequest } from '../data/request.models';
import { HALEndpointService } from '../shared/hal-endpoint.service';
import { RequestService } from '../data/request.service';
import { RemoteDataBuildService } from '../cache/builders/remote-data-build.service';
@@ -30,14 +30,14 @@ export class ServerAuthRequestService extends AuthRequestService {
* @param href The href to send the request to
* @protected
*/
protected createShortLivedTokenRequest(href: string): GetRequest {
protected createShortLivedTokenRequest(href: string): PostRequest {
let options = new HttpHeaders();
options = options.set('Content-Type', 'application/json; charset=utf-8');
options = options.set(XSRF_REQUEST_HEADER, this.tokenExtractor.getToken());
let requestOptions = {
headers: options,
};
return Object.assign(new GetRequest(this.requestService.generateRequestId(), href, {}, requestOptions), {
return Object.assign(new PostRequest(this.requestService.generateRequestId(), href, {}, requestOptions), {
responseMsToLive: 2 * 1000 // A short lived token is only valid for 2 seconds.
});
}