[AIRFLOW-2866] Fix missing CSRF token head when using RBAC UI (#3804)

Author: Gabriel Silk

airflow/www_rbac/static/js/clock.js airflow/www_rbac/static/js/base.js

@@ -33,4 +33,11 @@ function displayTime() {
 $(document).ready(function () {
   displayTime();
   $('span').tooltip();
+  $.ajaxSetup({
+    beforeSend: function(xhr, settings) {
+      if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
+        xhr.setRequestHeader("X-CSRFToken", csrfToken);
+      }
+    }
+  });
 });

airflow/www_rbac/templates/appbuilder/baselayout.html

@@ -67,9 +67,9 @@
 {% block tail_js %}
 {{ super() }}
 <script type="text/javascript">
-  // below variables are used in clock.js
+  // below variables are used in base.js
   var hostName = '{{ hostname }}';
   var csrfToken = '{{ csrf_token() }}';
 </script>
-<script src="{{ url_for_asset('clock.js') }}" type="text/javascript"></script>
+<script src="{{ url_for_asset('base.js') }}" type="text/javascript"></script>
 {% endblock %}

airflow/www_rbac/webpack.config.js

@@ -35,7 +35,7 @@ const BUILD_DIR = path.resolve(__dirname, './static/dist');
 const config = {
   entry: {
     connectionForm: `${STATIC_DIR}/js/connection_form.js`,
-    clock: `${STATIC_DIR}/js/clock.js`,
+    base: `${STATIC_DIR}/js/base.js`,
     graph: `${STATIC_DIR}/js/graph.js`,
     ganttChartD3v2: `${STATIC_DIR}/js/gantt-chart-d3v2.js`,
     main: `${STATIC_DIR}/css/main.css`,