From b12b50be66f9dc0006cfb6844ae2a865df1a1d31 Mon Sep 17 00:00:00 2001
From: Jacopo Rota
Date: Thu, 23 Jan 2025 15:31:07 +0100
Subject: [PATCH] fix: add Origin header in the proxy so to bypass django CSRF protections (#5591)

Fix the e2e tests that are failing due to the new CSRF protections introduced in Django 4.x. We simply add in the proxy the fake Origin header. Resolves [MAASENG-4353](https://warthogs.atlassian.net/browse/MAASENG-4353)
---
 scripts/proxy.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/proxy.js b/scripts/proxy.js
index 75f21f59b8..bb513a90fb 100644
--- a/scripts/proxy.js
+++ b/scripts/proxy.js
@@ -33,6 +33,7 @@ app.use(
 onProxyReq(proxyReq) {
 // Django's CSRF protection requires requests to come from the correct
 // protocol, so this makes XHR requests work when using TLS certs.
+ proxyReq.setHeader("Origin", `${process.env.MAAS_URL.replace(/\/$/, "")}`);
 proxyReq.setHeader("Referer", `${process.env.MAAS_URL}${proxyReq.path}`);
 },
 secure: false,
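Review bot: The added `Origin` line overwrites the header on every proxied request, so Django's origin check never sees the caller's real origin for traffic through this proxy, and the comment above it still describes only the Referer/protocol case. With `secure: false` just below, this is presumably a local dev/e2e proxy, and the comment should say so, e.g. `// Dev/e2e only: overrides Origin and Referer so Django's CSRF origin check passes; do not expose this proxy to untrusted clients.` Stripping only a trailing slash also leaves any path component of `MAAS_URL` in the header, which is not a valid origin, and `.replace` throws a bare TypeError if the variable is unset. `proxyReq.setHeader("Origin", new URL(process.env.MAAS_URL).origin);` produces a well-formed scheme://host[:port] and fails with a clearer error. Whether `MAAS_URL` is validated earlier in the file is not visible here, since the enclosing `app.use(` call starts and ends outside the hunk.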