
AMBARI-3758. Make Ambari Web changes for CSRF prevention. (onechiporenko)

Oleg Nechiporenko 11 lat temu
rodzic
commit
a0d57eb11e

+ 2 - 1
ambari-web/app/config.js

@@ -72,7 +72,8 @@ if (App.enableExperimental) {
 
 // this is to make sure that IE does not cache data when making AJAX calls to the server
 $.ajaxSetup({
-  cache: false
+  cache: false,
+  headers: {"X-Requested-By": "X-Requested-By"}
 });
 
 /**
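Review bot: The new `headers` entry in `$.ajaxSetup` sends a fixed value, so it gives no protection by itself. The CSRF defence depends on the server rejecting state-changing requests that lack `X-Requested-By`, and on its CORS policy not allowing that header from other origins; neither is visible in this commit. The comment above the call still describes only the IE cache setting, so I would add `// X-Requested-By marks the request as coming from Ambari Web; the server must reject modifying requests without it (CSRF)`. Because `$.ajaxSetup` is global, the header is also attached to any cross-origin `$.ajax` call, which makes those requests subject to a CORS preflight.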

+ 3 - 1
ambari-web/app/messages.js

@@ -1683,5 +1683,7 @@ Em.I18n.translations = {
   'config.group.selection.dialog.option.create': 'Create new configuration group',
   'config.group.selection.dialog.option.create.msg': 'A new configuration group will be created with the given name. Initially there will be no hosts in the group, with only the selected property overridden.',
   'config.group.selection.dialog.err.name.exists': 'Configuration group with given name already exists',
-  'config.group.selection.dialog.err.create': 'Error creating new configuration group [{0}]'
+  'config.group.selection.dialog.err.create': 'Error creating new configuration group [{0}]',
+
+  'utils.ajax.errorMessage': 'Error message'
 };

+ 24 - 0
ambari-web/app/templates/utils/ajax.hbs

@@ -0,0 +1,24 @@
+{{!
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements.  See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership.  The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+}}
+
+<span class="text-error">{{view.statusCode}}</span> <span>{{view.api}}</span>
+{{#if view.showMessage}}
+  <br />
+  <br />
+  <pre><strong>{{t utils.ajax.errorMessage}}: </strong><span class="text-error">{{view.message}}</span></pre>
+{{/if}}
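Review bot: Nothing in the template says that the escaping of `view.statusCode`, `view.api` and `view.message` matters, although they appear to carry text from the failed request (they are set from `api`, `statusCode` and `message` in `ambari-web/app/utils/ajax.js`). All three use double-brace bindings, which HTML-escape the value, so the output is safe as written. I would add a comment above the first span, `{{!-- statusCode, api and message come from the failed request; keep them in escaped bindings --}}`, so a later edit does not switch them to unescaped output.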

+ 3 - 6
ambari-web/app/utils/ajax.js

@@ -1255,7 +1255,7 @@ App.ajax = {
         config.sender[config.beforeSend](opt, xhr, params);
       }
     };
-    opt.success = function (data) {
+    opt.success = function (data, textStatus, xhr) {
       console.log("TRACE: The url is: " + opt.url);
       if (config.success) {
         config.sender[config.success](data, opt, params);
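Review bot: The two parameters added to `opt.success`, `textStatus` and `xhr`, are not used in the lines shown; the handler still calls `config.sender[config.success](data, opt, params)`. If the response object is meant to be available to the sender's success handler (for example to inspect response headers), it has to be passed on in that call. Otherwise the signature should stay as it was, or a comment should say why the arguments are declared. The handler's body continues past the end of this hunk, so they may be used further down.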
@@ -1276,7 +1276,7 @@ App.ajax = {
     if ($.mocho) {
       opt.url = 'http://' + $.hostName + opt.url;
     }
-      return $.ajax(opt);
+    return $.ajax(opt);
   },
 
   // A single instance of App.ModalPopup view
@@ -1315,10 +1315,7 @@ App.ajax = {
         },
         bodyClass: Ember.View.extend({
           classNames: ['api-error'],
-          template: Ember.Handlebars.compile(['<span class="text-error">{{view.statusCode}}</span><span>{{view.api}}</span>',
-            '{{#if view.showMessage}}',
-            '<br><br><pre><strong>Error message: </strong><span class="text-error">{{view.message}}</span></pre>',
-            '{{/if}}'].join('\n')),
+          templateName: require('templates/utils/ajax'),
           api: api,
           statusCode: statusCode,
           message: message,