From 97f72e073b28a069f1ed78124e94393f588273e7 Mon Sep 17 00:00:00 2001
From: Chris Chudzicki
Date: Thu, 15 Aug 2024 14:59:37 -0400
Subject: [PATCH] set csrf cookie name from env var (#1420)

* set csrf cookie name from env var

* foken token
---
 .github/workflows/production.yml | 1 +
 .github/workflows/release-candidate.yml | 1 +
 env/shared.env | 1 +
 frontends/api/jest.config.ts | 1 +
 frontends/api/src/axios.ts | 2 +-
 frontends/api/src/types/settings.d.ts | 1 +
 frontends/mit-learn/src/services/axios.ts | 2 +-
 frontends/mit-learn/webpack.config.js | 6 ++++++
 frontends/ol-utilities/src/types/settings.d.ts | 1 +
 main/settings.py | 1 +
 10 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
index 5aeab42b50..83f951f9fc 100644
--- a/.github/workflows/production.yml
+++ b/.github/workflows/production.yml
@@ -45,6 +45,7 @@ jobs:
  POSTHOG_PROJECT_API_KEY: ${{ secrets.POSTHOG_PROJECT_API_KEY_PROD }}
  SENTRY_DSN: ${{ secrets.SENTRY_DSN_PROD }}
  SENTRY_ENV: ${{ secrets.MITOPEN_ENV_PROD }}
+ CSRF_COOKIE_NAME: ${{ secrets.CSRF_COOKIE_NAME_PROD }}
  MITOL_AXIOS_WITH_CREDENTIALS: true
  MITOL_API_BASE_URL: https://api.learn.mit.edu
  MITOL_SUPPORT_EMAIL: mitlearn-support@mit.edu
diff --git a/.github/workflows/release-candidate.yml b/.github/workflows/release-candidate.yml
index edf4c8daaf..9b3a163c65 100644
--- a/.github/workflows/release-candidate.yml
+++ b/.github/workflows/release-candidate.yml
@@ -45,6 +45,7 @@ jobs:
  POSTHOG_PROJECT_API_KEY: ${{ secrets.POSTHOG_PROJECT_API_KEY_RC }}
  SENTRY_DSN: ${{ secrets.SENTRY_DSN_RC }}
  SENTRY_ENV: ${{ secrets.MITOPEN_ENV_RC }}
+ CSRF_COOKIE_NAME: ${{ secrets.CSRF_COOKIE_NAME_RC }}
  MITOL_AXIOS_WITH_CREDENTIALS: true
  MITOL_API_BASE_URL: https://api.rc.learn.mit.edu
  MITOL_SUPPORT_EMAIL: mitlearn-support@mit.edu
diff --git a/env/shared.env b/env/shared.env
index 8c04146dcf..e22219b661 100644
--- a/env/shared.env
+++ b/env/shared.env
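Review bot: The new `CSRF_COOKIE_NAME: ${{ secrets.CSRF_COOKIE_NAME_PROD }}` line sources a cookie name from a repository secret, but the name travels in cleartext in every `Set-Cookie` header, so it is configuration rather than a secret; keeping it in `secrets` makes GitHub mask the string in workflow logs, and an undefined secret expands to an empty string rather than leaving the variable unset, so whether the webpack `default: "csrftoken"` still applies depends on how `cleanEnv`'s `str()` treats `""` — worth checking. Django reads its own `CSRF_COOKIE_NAME` from the server environment (main/settings.py hunk), so the two values are configured in different places and can drift silently, which breaks every state-changing request for everyone. Consider a repository variable (`vars.`) or a literal here, plus a comment such as `# must match CSRF_COOKIE_NAME in the backend environment`. The same applies to the release-candidate.yml hunk.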
@@ -1,5 +1,6 @@
 MITOL_API_BASE_URL=http://api.open.odl.local:8063
 MITOL_APP_BASE_URL=http://open.odl.local:8062
 MITOL_SUPPORT_EMAIL=support@localhost
+CSRF_COOKIE_NAME=csrftoken-local
 POSTHOG_TIMEOUT_MS=1500
 
diff --git a/frontends/api/jest.config.ts b/frontends/api/jest.config.ts
index e0c1ce9c88..9861f128df 100644
--- a/frontends/api/jest.config.ts
+++ b/frontends/api/jest.config.ts
@@ -11,6 +11,7 @@ const config: Config.InitialOptions = {
     APP_SETTINGS: {
       MITOL_AXIOS_WITH_CREDENTIALS: false,
       MITOL_API_BASE_URL: "https://api.test.learn.mit.edu",
+      CSRF_COOKIE_NAME: "csrftoken-test",
     },
   },
 }
diff --git a/frontends/api/src/axios.ts b/frontends/api/src/axios.ts
index 47f405bc46..4919d8cb35 100644
--- a/frontends/api/src/axios.ts
+++ b/frontends/api/src/axios.ts
@@ -4,7 +4,7 @@ import axios from "axios"
  * Our axios instance with default baseURL, headers, etc.
  */
 const instance = axios.create({
-  xsrfCookieName: "csrftoken",
+  xsrfCookieName: APP_SETTINGS.CSRF_COOKIE_NAME,
   xsrfHeaderName: "X-CSRFToken",
   withXSRFToken: true,
   withCredentials: APP_SETTINGS.MITOL_AXIOS_WITH_CREDENTIALS,
diff --git a/frontends/api/src/types/settings.d.ts b/frontends/api/src/types/settings.d.ts
index 1c5077eee0..36f81b197b 100644
--- a/frontends/api/src/types/settings.d.ts
+++ b/frontends/api/src/types/settings.d.ts
@@ -4,5 +4,6 @@ export declare global {
   const APP_SETTINGS: {
     MITOL_AXIOS_WITH_CREDENTIALS?: boolean
     MITOL_API_BASE_URL?: string
+    CSRF_COOKIE_NAME: string
   }
 }
diff --git a/frontends/mit-learn/src/services/axios.ts b/frontends/mit-learn/src/services/axios.ts
index a8fb2f4c7b..d5e0182814 100644
--- a/frontends/mit-learn/src/services/axios.ts
+++ b/frontends/mit-learn/src/services/axios.ts
@@ -5,7 +5,7 @@ import axios from "axios"
  */
 const instance = axios.create({
   baseURL: "/api/v0",
-  xsrfCookieName: "csrftoken",
+  xsrfCookieName: APP_SETTINGS.CSRF_COOKIE_NAME,
   xsrfHeaderName: "X-CSRFToken",
 })
 
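Review bot: `xsrfCookieName: APP_SETTINGS.CSRF_COOKIE_NAME` in the frontends/api/src/axios.ts hunk has no fallback, and `APP_SETTINGS` is a build-time global whose shape the api package's settings.d.ts merely declares, so a consumer bundle that does not define `CSRF_COOKIE_NAME` passes `undefined` here; as far as I can tell axios's config merge then drops back to its own default cookie name (`XSRF-TOKEN`), the `X-CSRFToken` header silently stops being attached, and the symptom is a 403 on every mutating request rather than a clear configuration error. Worth either failing loudly at module load or keeping the old literal as a last resort, e.g. `xsrfCookieName: APP_SETTINGS.CSRF_COOKIE_NAME ?? "csrftoken",`. The identical line in the frontends/mit-learn/src/services/axios.ts hunk has the same gap; the jest.config.ts hunk only supplies the value under test, so the test suite would not notice a missing define in a real build.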
diff --git a/frontends/mit-learn/webpack.config.js b/frontends/mit-learn/webpack.config.js
index 2b89393c3b..5fece56489 100644
--- a/frontends/mit-learn/webpack.config.js
+++ b/frontends/mit-learn/webpack.config.js
@@ -39,6 +39,7 @@ const {
   EMBEDLY_KEY,
   CKEDITOR_UPLOAD_URL,
   SENTRY_DSN,
+  CSRF_COOKIE_NAME,
 } = cleanEnv(process.env, {
   NODE_ENV: str({
     choices: ["development", "production", "test"],
@@ -97,6 +98,10 @@ const {
     desc: "Sentry Data Source Name",
     default: "",
   }),
+  CSRF_COOKIE_NAME: str({
+    desc: "Name of the CSRF cookie",
+    default: "csrftoken",
+  }),
 })
 
 const MITOL_FEATURES_PREFIX = "FEATURE_"
@@ -221,6 +226,7 @@ module.exports = (env, argv) => {
       SITE_NAME: JSON.stringify(SITE_NAME),
       MITOL_SUPPORT_EMAIL: JSON.stringify(MITOL_SUPPORT_EMAIL),
       PUBLIC_URL: JSON.stringify(PUBLIC_URL),
+      CSRF_COOKIE_NAME: JSON.stringify(CSRF_COOKIE_NAME),
     },
   }),
 ]
diff --git a/frontends/ol-utilities/src/types/settings.d.ts b/frontends/ol-utilities/src/types/settings.d.ts
index b3544ab23a..249b87a812 100644
--- a/frontends/ol-utilities/src/types/settings.d.ts
+++ b/frontends/ol-utilities/src/types/settings.d.ts
@@ -10,6 +10,7 @@ export declare global {
   declare const APP_SETTINGS: {
     MITOL_AXIOS_WITH_CREDENTIALS?: boolean
     MITOL_API_BASE_URL: string
+    CSRF_COOKIE_NAME: string
     EMBEDLY_KEY: string
     CKEDITOR_UPLOAD_URL?: string
     SENTRY_DSN?: string
diff --git a/main/settings.py b/main/settings.py
index dfe1dc93c3..e1237a3f3f 100644
--- a/main/settings.py
+++ b/main/settings.py
@@ -166,6 +166,7 @@
 CSRF_COOKIE_SECURE = get_bool("CSRF_COOKIE_SECURE", True) # noqa: FBT003
 CSRF_COOKIE_DOMAIN = get_string("CSRF_COOKIE_DOMAIN", None)
+CSRF_COOKIE_NAME = get_string("CSRF_COOKIE_NAME", "csrftoken")
 CSRF_HEADER_NAME = get_string("CSRF_HEADER_NAME", "HTTP_X_CSRFTOKEN")
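Review bot: `default: "csrftoken"` in the new `CSRF_COOKIE_NAME: str({ ... })` spec (second webpack.config.js hunk) duplicates the default Django gets in the main/settings.py hunk (`get_string("CSRF_COOKIE_NAME", "csrftoken")`), and the value is frozen into the bundle via `JSON.stringify(CSRF_COOKIE_NAME)` at build time while the backend reads it at process start, so the two halves are configured in different environments with nothing tying them together. A mismatch is silent: the browser holds the cookie under one name, axios looks for another, and `X-CSRFToken` is never sent. A short comment on the spec would at least document the coupling, e.g. `// Must match CSRF_COOKIE_NAME in the backend environment; the value is baked into the bundle at build time.`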