U4-10367 417 missing token error due to cookie being overwritten

Changes the cookie and header names to be Umbraco specific
2017-08-29 11:17:52 +02:00
parent cf10f5f0ee
commit d300bf8d6d
4 changed files with 8 additions and 6 deletions
--- a/src/Umbraco.Web.UI.Client/src/common/security/securityinterceptor.js
+++ b/src/Umbraco.Web.UI.Client/src/common/security/securityinterceptor.js
@@ -103,5 +103,7 @@ angular.module('umbraco.security.interceptor')

    // We have to add the interceptor to the queue as a string because the interceptor depends upon service instances that are not available in the config block.
    .config(['$httpProvider', function ($httpProvider) {
+        $httpProvider.defaults.xsrfHeaderName = 'X-UMB-XSRF-TOKEN';
+        $httpProvider.defaults.xsrfCookieName = 'UMB-XSRF-TOKEN';
        $httpProvider.responseInterceptors.push('securityInterceptor');
    }]);
--- a/src/Umbraco.Web.UI.Client/src/init.js
+++ b/src/Umbraco.Web.UI.Client/src/init.js
@@ -7,7 +7,7 @@ app.run(['userService', '$log', '$rootScope', '$location', 'navigationService',
        // it cannot be static
        $.ajaxSetup({
            beforeSend: function (xhr) {
-                xhr.setRequestHeader("X-XSRF-TOKEN", $cookies["XSRF-TOKEN"]);
+                xhr.setRequestHeader("X-UMB-XSRF-TOKEN", $cookies["UMB-XSRF-TOKEN"]);
            }
        });

--- a/src/Umbraco.Web.UI/umbraco_client/Application/Extensions.js
+++ b/src/Umbraco.Web.UI/umbraco_client/Application/Extensions.js
@@ -369,7 +369,7 @@
                if (parts.length === 2) return parts.pop().split(";").shift();
            }

-            xhr.setRequestHeader("X-XSRF-TOKEN", getCookie("XSRF-TOKEN"));
+            xhr.setRequestHeader("X-UMB-XSRF-TOKEN", getCookie("UMB-XSRF-TOKEN"));
        }
    });

--- a/src/Umbraco.Web/WebApi/Filters/AngularAntiForgeryHelper.cs
+++ b/src/Umbraco.Web/WebApi/Filters/AngularAntiForgeryHelper.cs
@@ -16,17 +16,17 @@ namespace Umbraco.Web.WebApi.Filters
        /// <summary>
        /// The cookie name that is used to store the validation value
        /// </summary>
-        public const string CsrfValidationCookieName = "XSRF-V";
+        public const string CsrfValidationCookieName = "UMB-XSRF-V";

        /// <summary>
-        /// The cookie name that is set for angular to use to pass in to the header value for "X-XSRF-TOKEN"
+        /// The cookie name that is set for angular to use to pass in to the header value for "X-UMB-XSRF-TOKEN"
        /// </summary>
-        public const string AngularCookieName = "XSRF-TOKEN";
+        public const string AngularCookieName = "UMB-XSRF-TOKEN";

        /// <summary>
        /// The header name that angular uses to pass in the token to validate the cookie
        /// </summary>
-        public const string AngularHeadername = "X-XSRF-TOKEN";
+        public const string AngularHeadername = "X-UMB-XSRF-TOKEN";

        /// <summary>
        /// Returns 2 tokens - one for the cookie value and one that angular should set as the header value