#525 Rename cookies to prevent collision with other applications (Cortex)

To-om · To-om · commit 13cfd07f072e · 2018-04-03T17:25:07.000+02:00
diff --git a/thehive-backend/conf/reference.conf b/thehive-backend/conf/reference.conf
@@ -5,9 +5,9 @@
 # HTTP filters
 play.filters {
   # name of cookie in which the CSRF token is transmitted to client
-  csrf.cookie.name = XSRF-TOKEN
+  csrf.cookie.name = THE-HIVE-XSRF-TOKEN
   # name of header in which the client should send CSRD token
-  csrf.header.name = X-XSRF-TOKEN
+  csrf.header.name = X-THe-HIVE-XSRF-TOKEN
 
   enabled = [
     services.StreamFilter,
@@ -22,7 +22,7 @@ play.http.errorHandler = org.elastic4play.ErrorHandler
 # Register module for dependency injection
 play.modules.enabled += global.TheHive
 
-
+play.http.session.cookieName = THE_HIVE_SESSION
 
 # ElasticSearch
 search {
diff --git a/ui/app/scripts/app.js b/ui/app/scripts/app.js
@@ -332,6 +332,8 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ngSanitize', 'ui.bootstra
     .config(function($httpProvider) {
         'use strict';
 
+        $httpProvider.defaults.xsrfCookieName = 'THE-HIVE-XSRF-TOKEN';
+        $httpProvider.defaults.xsrfHeaderName = 'X-THE-HIVE-XSRF-TOKEN';
         $httpProvider.interceptors.push(function($rootScope, $q) {
             var isApiCall = function(url) {
                 return url && url.startsWith('./api') && !url.startsWith('./api/stream');
