Set the XSRF token header

Description

Contributor guide

Tech stack

pythonjavascript

Domain

full stack

Issue type

feature

DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.

3

Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.

1-3 hours

Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.

stale

ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.

needs investigation

Prerequisites

Basic understanding of AngularJS $http serviceFamiliarity with XSRF/CSRF protection conceptsAccess to Redash development environment

Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.

30

Research direction

Start by reviewing the AngularJS documentation for $http XSRF protection linked in the issue. Then locate the AngularJS configuration file (commonly app.js or similar) in the Redash frontend codebase to understand how $httpProvider is currently set up. Next, investigate the backend (likely Flask or Django) to see if it already sends an XSRF token cookie and how to read it. Finally, determine the best approach to set the default header for all $http requests. Consult existing similar PRs or comments in the repository for guidance.