diff --git a/confluent_server/confluent/discovery/handlers/xcc.py b/confluent_server/confluent/discovery/handlers/xcc.py index f99df402..2ecb9d9f 100644 --- a/confluent_server/confluent/discovery/handlers/xcc.py +++ b/confluent_server/confluent/discovery/handlers/xcc.py @@ -148,6 +148,14 @@ class NodeHandler(immhandler.NodeHandler): }) headers = {'Connection': 'keep-alive', 'Content-Type': 'application/json'} + nonce = None + wc.request('POST', '/api/providers/get_nonce', '{}') + rsp = wc.getresponse() + tokbody = rsp.read() + if rsp.status == 200: + rsp = json.loads(tokbody) + nonce = rsp.get('nonce', None) + headers['Content-Security-Policy'] = 'nonce={0}'.format(nonce) wc.request('POST', '/api/login', adata, headers) rsp = wc.getresponse() try: @@ -164,6 +172,14 @@ class NodeHandler(immhandler.NodeHandler): }) headers = {'Connection': 'keep-alive', 'Content-Type': 'application/json'} + if nonce: + wc.request('POST', '/api/providers/get_nonce', '{}') + rsp = wc.getresponse() + tokbody = rsp.read() + if rsp.status == 200: + rsp = json.loads(tokbody) + nonce = rsp.get('nonce', None) + headers['Content-Security-Policy'] = 'nonce={0}'.format(nonce) wc.request('POST', '/api/login', adata, headers) rsp = wc.getresponse() try: @@ -375,6 +391,13 @@ class NodeHandler(immhandler.NodeHandler): 'password': tpass, }) headers = {'Connection': 'keep-alive', 'Content-Type': 'application/json'} + wc.request('POST', '/api/providers/get_nonce', '{}') + rsp = wc.getresponse() + tokbody = rsp.read() + if rsp.status == 200: + rsp = json.loads(tokbody) + nonce = rsp.get('nonce', None) + headers['Content-Security-Policy'] = 'nonce={0}'.format(nonce) nwc.request('POST', '/api/login', adata, headers) rsp = nwc.getresponse() if rsp.status == 200: