Hi,
Need a help with this solution:
We pull the Node-red image in our project and install node-red-dashboard.
At the security team request we need to set X-CSRF header for each request, on the client-side. We already have Angular interceptor working for HttpRequest, but it doesn't intercept the Node-red requests - XMLHttpRequest (e.g. which is fired by clicking on "Deploy" workflow in the Node-red UI).
To make node-red-dashboard able to intercept XMLHttpRequest and set the necessary header - we copy the script into these locations:
The script:
BUT after deploying the Node-red container - it looks like the script either doesn't make effect (no logs, nothing changed), or just set not properly.
P.S The /data/settings.js is fired after our Nginx authentication plugin, so this way of intercepting is not working for us.
Could you please recommend anything to solve the problem (to intercept the node-red requests on the client's side)?
Thanks
- [v3.6.5] Node-RED-Dashboard version:
- [v3.1.9-18] Node-RED version: