* web-apps(back): Add CSRF protection to the backend
The server of each crud-web-app will be setting an XSRF-TOKEN cookie to
the frontend. On each unsafe method (POST, PATCH etc) the backend will
check to make sure that the request:
* Contains an XSRF-TOKEN cookie
* Contains an X-XSRF-TOKEN header
* The value of the above values are the same
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* web-apps(back): Document the CSRF_SAMESITE env var
Add a new table in the README of the common code to include the ENV vars
that a user can set in any web app. In the future we should also extend
the README of every app with the supported ENV vars.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
Create an Angular Library with common frontend code. Our crud web apps
should use this library to share common functionality like:
* Talking to Central Dashboard for the Namespace selection
* Making http calls
* Surfacing and showing error messages and warnings
* Form utilities
* Showing a table with entries and actions
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
Create a python module under the kubeflow.kubeflow package that will
be exposing common code and a base app the takes care of:
* Exceptions handling
* Common routes for serving static files and their cache control policy
* Authorization checks with SubjectAccessReview
* Authentication checks on the Kubeflow headers
* Common helper functions for dates, yaml parsing etc
* health/liveness probes
Backends that are written with Python/Flask should use this common code
in order for us to reduce code duplication and have our backends align
with our accepted practices.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
Wendy Gaultier
Kimonas Sotirchos