Make sure x-csrf headers are sent for AI response feedback requests #3035

Open
mbertrand wants to merge 3 commits into main from mb/ai_chat_csrf_header

@mbertrand mbertrand commented Mar 10, 2026

What are the relevant tickets?

Closes https://github.com/mitodl/hq/issues/10489

Description (What does it do?)

  • Includes csrfCookieName and csrfHeaderName in requestOpts sent to StyledAiChat.
  • Removes headers from fetchOpts

How can this be tested?

On the main branch:

  • Run docker compose up
  • Log in
  • Navigate to AskTIM and ask a question
  • With the network tab open, give the response a thumbs up or down. The request will fail with a 403, "no csrf header" reason, and if you check the request header, "X-CSRF" header is not present.

On this branch:

  • Repeat the above. The request will still fail with a 403, but it won't be because of "no csrf header", and if you check the request header, "X-CSRF" header should be present.
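
The cookie-to-header mechanism that the description's `csrfCookieName` and `csrfHeaderName` options configure, shown as an added example that is not code from this PR or the project. The function names, the `env` object, the trusted-origin allowlist and all sample values are assumptions made for illustration.

```javascript
// Added example. csrfCookieName / csrfHeaderName are the option names from the
// PR description; all function names and sample values here are hypothetical.
const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Return the value of the named cookie from a document.cookie-style string,
// or null when it is absent.
function readCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1 || part.slice(0, eq).trim() !== name) continue;
    const raw = part.slice(eq + 1).trim();
    try {
      return decodeURIComponent(raw);
    } catch {
      return raw; // malformed percent-encoding: pass the raw value through
    }
  }
  return null;
}

// Build fetch options for `url`, adding the CSRF header only when the request
// changes state and targets an origin the page trusts with the token.
function buildFetchOptions(url, env, requestOpts, fetchOpts = {}) {
  const { csrfCookieName, csrfHeaderName } = requestOpts;
  const method = (fetchOpts.method || "GET").toUpperCase();
  const headers = { ...(fetchOpts.headers || {}) };
  const origin = new URL(url, env.pageOrigin).origin;
  const token = csrfCookieName ? readCookie(env.cookies, csrfCookieName) : null;
  const trusted = env.trustedOrigins.includes(origin);
  if (token && csrfHeaderName && trusted && UNSAFE_METHODS.has(method)) {
    headers[csrfHeaderName] = token;
  }
  // Assumption: the server compares the header with the cookie, so send both.
  return { credentials: "include", ...fetchOpts, method, headers };
}

// Constructed sample input (not values from the project).
const sampleEnv = {
  pageOrigin: "https://app.example.test",
  trustedOrigins: ["https://app.example.test", "https://api.example.test"],
  cookies: "theme=dark; example_csrf=tok%3D123; lang=en",
};
const sampleRequestOpts = {
  csrfCookieName: "example_csrf",
  csrfHeaderName: "X-Example-CSRF",
};
```

In a browser, `env.cookies` would be `document.cookie` and `env.pageOrigin` would be `window.location.origin`.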

@mbertrand mbertrand added the Needs Review An open Pull Request that is ready for review label Mar 10, 2026
@abeglova abeglova left a comment

👍
