updates

petstore/petstoreapp/src/main/java/com/chtrembl/petstoreapp/controller/RestAPIController.java

@@ -97,6 +97,11 @@ public String viewcart(Model model, @RequestParam Map<String, String> params, Ht
 		logger.info("csrf: " + this.sessionUser.getCsrfToken());
 		logger.info("incoming arrAffinity: " + params.get("arrAffinity"));
 
+		if(params.get("csrf") == null || !params.get("csrf").equals(this.sessionUser.getCsrfToken()))
+		{
+			return "Invalid CSRF token";
+		}
+
 		this.sessionUser.getTelemetryClient().trackEvent(
 				String.format("PetStoreApp user %s requesting view cart", this.sessionUser.getName()),
 				this.sessionUser.getCustomEventProperties(), null);

petstore/petstoreassistant/src/main/java/com/chtrembl/petstoreassistant/service/AzurePetStore.java

@@ -72,9 +72,9 @@ public DPResponse viewCart(AzurePetStoreSessionInfo azurePetStoreSessionInfo) {
                 Response response = null;
                 try {
                         Request request = new Request.Builder()
-                                        .url(this.VIEW_CART_URL)
+                                        .url(this.VIEW_CART_URL + "?csrf=" + azurePetStoreSessionInfo.getCsrfToken())
                                         .method("GET", null)
-                                        .addHeader("Cookie", "JSESSIONID=" + azurePetStoreSessionInfo.getSessionID())
+                                        .addHeader("Cookie", "JSESSIONID=" + azurePetStoreSessionInfo.getSessionID()+"; ARRAffinity="+azurePetStoreSessionInfo.getArrAffinity())
                                         .addHeader("Content-Type", "text/html")
                                         .build();