/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
//"use strict";
// Initializes client-side handling of cross-site request forgery (CSRF)
// protection by figuring out the custom HTTP headers that need to be sent in
// requests and which HTTP methods are ignored because they do not require CSRF
// protection.
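define(function(require) {
  "use strict";

  require('jquery');

  // Name of the custom header to attach; stays null until the configuration
  // has been fetched and reports CSRF protection as enabled.
  var restCsrfCustomHeader = null;
  // Lookup table (method name -> true) of HTTP methods sent without the header.
  var restCsrfMethodsToIgnore = null;

  // Browsers that do not expose location.origin get it assembled by hand.
  if (!window.location.origin) {
    window.location.origin = window.location.protocol + "//" + window.location.hostname + (window.location.port ? ':' + window.location.port : '');
  }

  // The configuration endpoint is addressed relative to the directory part of
  // the current page's path, without a trailing slash.
  var baseUrl = window.location.origin + window.location.pathname.substr(0, window.location.pathname.lastIndexOf("/"));
  if (baseUrl.slice(-1) === "/") {
    baseUrl = baseUrl.slice(0, -1);
  }
  var url = baseUrl + "/service/plugins/csrfconf";

  // The request is synchronous ('async': false), presumably so the beforeSend
  // hook is registered before any other code issues an AJAX call.
  // NOTE(review): there is no .fail() handler. If this request fails, or the
  // response does not report CSRF as enabled, no header is ever attached; that
  // is only safe if the server rejects header-less requests - confirm.
  $.ajax({'url': url, 'dataType': 'json', 'async': false}).done(
    function(data) {
      // Splits a comma-separated string into trimmed entries; a missing or
      // empty value yields an empty array.
      function getTrimmedStringArrayValue(element) {
        var entries = [];
        if (element) {
          var parts = element.split(',');
          for (var i = 0; i < parts.length; i++) {
            entries.push(parts[i].trim());
          }
        }
        return entries;
      }

      // Get all relevant configuration properties. The parsed response is
      // wrapped in a jQuery object so that .each() can walk it.
      var $conf = $(data);
      var csrfEnabled = false;
      var header = null;
      var methods = [];
      $conf.each(function(indx, element) {
        if (element['ranger.rest-csrf.enabled']) {
          // Coerce to a string first so the comparison does not depend on the
          // JSON type of the value.
          var enabledText = "" + element['ranger.rest-csrf.enabled'];
          csrfEnabled = (enabledText.toLowerCase() === 'true');
        }
        if (element['ranger.rest-csrf.custom-header']) {
          header = element['ranger.rest-csrf.custom-header'].trim();
        }
        if (element['ranger.rest-csrf.methods-to-ignore']) {
          methods = getTrimmedStringArrayValue(element['ranger.rest-csrf.methods-to-ignore']);
        }
      });

      // If enabled, set up all subsequent AJAX calls with a pre-send callback
      // that adds the custom header if necessary.
      if (csrfEnabled) {
        restCsrfCustomHeader = header;
        // Prototype-less object: a method name such as "constructor" or
        // "toString" must not count as ignored because of an inherited
        // Object.prototype property.
        restCsrfMethodsToIgnore = Object.create(null);
        methods.forEach(function(method) {
          restCsrfMethodsToIgnore[method] = true;
        });
        $.ajaxSetup({
          beforeSend: addRestCsrfCustomHeader
        });
      }
    });

  // Adds the custom header to a request if necessary: the request must have a
  // URL and its method must not be in the ignore list. An earlier restriction
  // to '/webhdfs/' URLs is disabled, so every jQuery AJAX request with a URL is
  // eligible, whatever its path or origin. The method is matched exactly as
  // configured (no case folding).
  //
  // xhr      - request object passed by jQuery to beforeSend.
  // settings - settings of the request being sent; url and type are read.
  function addRestCsrfCustomHeader(xhr, settings) {
    if (settings.url == null) {
      return;
    }
    var method = settings.type;
    if (restCsrfCustomHeader != null && !restCsrfMethodsToIgnore[method]) {
      // The value of the header is unimportant. Only its presence matters.
      xhr.setRequestHeader(restCsrfCustomHeader, '""');
    }
  }
});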