Need to add XMLHttpRequest requests interceptor in node-red-dashboard

Hi,
Need a help with this solution:

We pull the Node-red image in our project and install node-red-dashboard.

At the security team request we need to set X-CSRF header for each request, on the client-side. We already have Angular interceptor working for HttpRequest, but it doesn't intercept the Node-red requests - XMLHttpRequest (e.g. which is fired by clicking on "Deploy" workflow in the Node-red UI).

To make node-red-dashboard able to intercept XMLHttpRequest and set the necessary header - we copy the script into these locations:

The script:

BUT after deploying the Node-red container - it looks like the script either doesn't make effect (no logs, nothing changed), or just set not properly.

P.S The /data/settings.js is fired after our Nginx authentication plugin, so this way of intercepting is not working for us.

Could you please recommend anything to solve the problem (to intercept the node-red requests on the client's side)?

Thanks

  • [v3.6.5] Node-RED-Dashboard version:
  • [v3.1.9-18] Node-RED version:

Just to clarify some things here.

The Node-RED Dashboard is totally independent of the Node-RED Editor (where the deploy button is).

The Editor is NOT written in Angular, only the Dashboard (v1) is, any changes to code in the Dashboard will have no impact on the Editor.

To do this in the Editor you may be able to monkey patch something by having it loaded as a Node-RED Plugin, but if not then you'll probably have to maintain your own fork.

Huge thanks for the clarification.
When I fire deploy or just load the workflow builder in browser - I see some logs from red.min.js in the Console (Dev tools). Could it theoretically make desired effect if I insert the interceptor into the file /usr/src/node-red/node_modules/@node-red/editor-client/public/red/red.min.js?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.