From 0dea0ae364c3492d7f12b2238880729a2a55d3b0 Mon Sep 17 00:00:00 2001
From: exceptionfactory
Date: Mon, 11 Jul 2022 21:53:07 -0500
Subject: [PATCH] NIFI-10196 Corrected Jolt UI CSRF Header Handling
Signed-off-by: Matthew Burgess
This closes #6198
---
 .../src/main/webapp/app/app.js | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js b/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js
index 1c81562913..4a127605df 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js
@@ -19,11 +19,9 @@ var AppRun = function($rootScope,$state,$http){
- // Get the Request Token for CSRF mitigation and send on all requests
- if (nf.AuthorizationStorage.hasToken()) {
- var token = nf.AuthorizationStorage.getRequestToken();
- $http.defaults.headers.common['Request-Token'] = token;
- }
+ // Set CSRF Cookie and Header names to match Spring Security configuration in StandardCookieCsrfTokenRepository
+ $http.defaults.xsrfCookieName = '__Secure-Request-Token';
+ $http.defaults.xsrfHeaderName = 'Request-Token';
 $rootScope.$on('$stateChangeError', function(event, toState, toParams, fromState, fromParams, error){
 event.preventDefault();
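Review bot: The new comment above the two `$http.defaults.xsrf*` assignments names the server class but not the conditions the client side relies on, and with the `hasToken()` guard removed a reader cannot tell why no guard is needed. AngularJS `$http` copies the named cookie into the header only when the cookie exists and the request is same-origin, so the cookie has to stay readable by script (not HttpOnly), and the `__Secure-` prefix means browsers accept it only when it is set with the Secure attribute over HTTPS. I would add `// $http sends the header only when this cookie is present on a same-origin request; the cookie must not be HttpOnly` above the assignments. Both names are string literals duplicated from the server configuration, so a rename on that side would presumably surface only as rejected requests. AppRun's body continues outside the hunk.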