chore: support different JWT CSRF cookie names (apache#25891)

Ortege-xyz · Jan 22, 2024 · f7ce892 · f7ce892
1 parent e6f18f8
commit f7ce892
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/superset-frontend/src/setup/setupClient.ts b/superset-frontend/src/setup/setupClient.ts
@@ -18,13 +18,18 @@
  */
 import { SupersetClient, logging, ClientConfig } from '@superset-ui/core';
 import parseCookie from 'src/utils/parseCookie';
+import getBootstrapData from 'src/utils/getBootstrapData';
+
+const bootstrapData = getBootstrapData();
 
 function getDefaultConfiguration(): ClientConfig {
   const csrfNode = document.querySelector<HTMLInputElement>('#csrf_token');
   const csrfToken = csrfNode?.value;
 
   // when using flask-jwt-extended csrf is set in cookies
-  const cookieCSRFToken = parseCookie().csrf_access_token || '';
+  const jwtAccessCsrfCookieName =
+    bootstrapData.common.conf.JWT_ACCESS_CSRF_COOKIE_NAME;
+  const cookieCSRFToken = parseCookie()[jwtAccessCsrfCookieName] || '';
 
   return {
     protocol: ['http:', 'https:'].includes(window?.location?.protocol)

diff --git a/superset/views/base.py b/superset/views/base.py
@@ -122,6 +122,7 @@
     "ALERT_REPORTS_DEFAULT_WORKING_TIMEOUT",
     "NATIVE_FILTER_DEFAULT_ROW_LIMIT",
     "PREVENT_UNSAFE_DEFAULT_URLS_ON_DATASET",
+    "JWT_ACCESS_CSRF_COOKIE_NAME",
 )
 
 logger = logging.getLogger(__name__)