How to add CSRF token to form in TeamCity 2020.1

Avatar
Alex Kvak
Created

I have a settings form in my plugin and since TC 2020.1 this form should be signed with csrf token.

Could you suggest how to add the CSRF token to settings form (JSP file)?

I tried to find similar plugin in JetBrains GitHub account, but unfortunately this attempt was failed.

Votes

0

Share

6 comments
Avatar
Kirill Maximov
Created

Hello Alex, 

  The CSRF token can be obtained from the HTTP session with session.getAttribute(CSRFFilter.ATTRIBUTE) or using AJAX call `https://your-server/authenticationTest.html?csrf`

   Hope this helps,

   KIR

0
Avatar
Alex Kvak
Created

Thanks for the answer, Kirill Maximov

So in my form I need to add hidden attribute with name from constant CSRFFilter.ATTRIBUTE and the value from the session, right?

0
Avatar
Kirill Maximov
Created

Yes, this should work.

 

Best,

0
Avatar
Alex Kvak
Created

yes, it works, great!

 

Thank you

0
Avatar
Vinh Lam
Created

Alex Kvak, Kirill Maximov could you please give a bit of details about how it looks in your JSP file? I have the same problem, thank you.

0
Avatar
Alex Kvak
Created

Vinh Lam Please take a look at https://github.com/alexkvak/teamcity-slack/blob/master/slackIntegration-server/src/main/resources/buildServerResources/configPage.jsp#L9

0

Please sign in to leave a comment.