Skip to content

Commit

Permalink
fix: add Origin header in the proxy so to bypass django CSRF protecti…
Browse files Browse the repository at this point in the history 
…ons (#5591)

Fix the e2e tests that are failing due to the new CSRF protections introduced in Django 4.x. We simply add in the proxy the fake Origin header. 

Resolves [MAASENG-4353](https://warthogs.atlassian.net/browse/MAASENG-4353)
  • Loading branch information
@r00ta
r00ta authored Jan 23, 2025
1 parent e953942 commit b12b50b
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions scripts/proxy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ app.use(
onProxyReq(proxyReq) {
// Django's CSRF protection requires requests to come from the correct
// protocol, so this makes XHR requests work when using TLS certs.
proxyReq.setHeader("Origin", `${process.env.MAAS_URL.replace(/\/$/, "")}`);
proxyReq.setHeader("Referer", `${process.env.MAAS_URL}${proxyReq.path}`);
},
secure: false,
Expand Down

0 comments on commit b12b50b

Please sign in to comment.