Pass xsrf token explicitly in the /pull POST request

nebari-dev · Jun 28, 2024 · b0af4a9 · b0af4a9
1 parent 1e3fb3c
commit b0af4a9
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/src/gallery.tsx b/src/gallery.tsx
@@ -53,9 +53,16 @@ export class GalleryWidget extends ReactWidget {
           };
           this._stream.connect(promiseResolver);
         });
+        const xsrfTokenMatch = document.cookie.match('\\b_xsrf=([^;]*)\\b');
+        const args: Record<string, string | number> = {
+          exhibit_id: exhibit.id
+        };
+        if (xsrfTokenMatch) {
+          args['_xsrf'] = xsrfTokenMatch[1];
+        }
         await requestAPI('pull', {
           method: 'POST',
-          body: JSON.stringify({ exhibit_id: exhibit.id })
+          body: JSON.stringify(args)
         });
         await done;
       }