Fix for https://wso2.org/jira/browse/CEP-1536

Author: mohanvive

components/event-stream/org.wso2.carbon.event.stream.ui/src/main/resources/web/eventstream/eventStreamDetails.jsp

@@ -26,6 +26,7 @@
 <%@ taglib uri="http://wso2.org/projects/carbon/taglibs/carbontags.jar"
            prefix="carbon" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
+<%@ taglib uri="http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld" prefix="csrf" %>
 
 <fmt:bundle
         basename="org.wso2.carbon.event.stream.ui.i18n.Resources">

components/event-stream/org.wso2.carbon.event.stream.ui/src/main/resources/web/eventstream/js/event_stream.js

@@ -310,10 +310,21 @@ function generateEvent(eventStreamId) {
     var selectedIndex = document.getElementById("sampleEventTypeFilter").selectedIndex;
     var eventType = document.getElementById("sampleEventTypeFilter").options[selectedIndex].text;
 
+    var xhr = window.XMLHttpRequest ? new window.XMLHttpRequest : new window.ActiveXObject("Microsoft.XMLHTTP");
+    xhr.open("POST", "/carbon/admin/js/csrfPrevention.js", false);
+    xhr.setRequestHeader("FETCH-CSRF-TOKEN", "1");
+    xhr.send(null);
+
+    var token_pair = xhr.responseText;
+    token_pair = token_pair.split(":");
+    var token_name = token_pair[0];
+    var token_value = token_pair[1];
+
     jQuery.ajax({
         type: "POST",
         url: "../eventstream/getSampleEvent_ajaxprocessor.jsp?streamId="
             + eventStreamId + "&eventType=" + eventType + "",
+        beforeSend: function(xhr){xhr.setRequestHeader(token_name, token_value);},
         data: {},
         dataType: "text",
         async: false,