Use CSRF token in save portadmin requests

Simrayz · Simrayz · commit 4ba800240dbc · 2025-09-18T11:50:28.000+02:00
Resolves #3444
diff --git a/python/nav/web/static/js/src/portadmin.js b/python/nav/web/static/js/src/portadmin.js
@@ -346,6 +346,7 @@ require(['libs/spin.min', 'libs/jquery-ui.min'], function (Spinner) {
         var $row = $('#' + rowid);
         var interfaceData = queue_data[rowid];
         var listItem = feedback.savingInterface($row);
+        const csrfToken = $('#save-changes-form [name="csrfmiddlewaretoken"]').val();
         $.ajax({url: "save_interfaceinfo",
             data: interfaceData,
             dataType: 'json',
@@ -354,6 +355,9 @@ require(['libs/spin.min', 'libs/jquery-ui.min'], function (Spinner) {
                 disableButtons($row);
                 // spinner.spin($row);
             },
+            headers: {
+                'X-CSRFToken': csrfToken
+            },
             success: function () {
                 clearChangedState($row);
                 updateDefaults($row, interfaceData);
@@ -400,13 +404,21 @@ require(['libs/spin.min', 'libs/jquery-ui.min'], function (Spinner) {
         /** Do a request to commit changes to startup config */
         console.log('Sending commit configuration request');
 
-        var status = feedback.committingConfig();
-        var request = $.post('commit_configuration', {'interfaceid': interfaceid});
+        const status = feedback.committingConfig();
+        const csrfToken = $('#save-changes-form input[name="csrfmiddlewaretoken"]').val();
+        const request = $.ajax({
+            url: 'commit_configuration',
+            type: 'POST',
+            data: {'interfaceid': interfaceid},
+            headers: {
+                'X-CSRFToken': csrfToken
+            },
+        });
         request.done(function() {
             feedback.endProgress(status, 'success', request.responseText);
             restartInterfaces();
         });
-        request.fail(function() {
+        request.fail(function(err) {
             feedback.endProgress(status, 'alert', request.responseText);
             feedback.addCloseButton();
         });
diff --git a/python/nav/web/templates/portadmin/portlist.html b/python/nav/web/templates/portadmin/portlist.html
@@ -14,7 +14,9 @@
     {% if handlertype %}({{ handlertype }}){% endif %}
 
   </div>
-
+  <form id="save-changes-form" style="display: none;">
+    {% csrf_token %}
+  </form>
   <div class="row header_row">
     <div class="hide-for-small medium-2 column">
       Port
