Juan Hernandez has posted comments on this change.

Change subject: webadmin: Enable RESTAPI CSRF protection
......................................................................

Patch Set 1:

(1 comment)

http://gerrit.ovirt.org/#/c/29682/1/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
File frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java:

Line 105:     RequestBuilder createRequest() {
Line 106:         RequestBuilder requestBuilder = new RequestBuilder(RequestBuilder.GET, restApiBaseUrl);
Line 107:         requestBuilder.setHeader("Prefer", "persistent-auth, csrf-protection"); //$NON-NLS-1$ //$NON-NLS-2$
Line 108:         requestBuilder.setHeader("Session-TTL", getSessionTimeout()); //$NON-NLS-1$
Line 109:         if (restApiSessionId != null) {
> Minor thing, I'd prefer using getSessionId() instead of accessing "restApiS

Done

Line 110:             requestBuilder.setHeader(SESSION_ID_HEADER, restApiSessionId);
Line 111:         }
Line 112:         return requestBuilder;
Line 113:     }

--
To view, visit http://gerrit.ovirt.org/29682
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I92c41f18bcbb90441f352444dcc78408e8e61b16
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Alexander Wels <aw...@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Keith Robertson <krobe...@redhat.com>
Gerrit-Reviewer: Spenser Shumaker <sshum...@redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches