I use Spring (security etc) and Angular 2 and all the 'GET' requests work, but when I try to post it doesn't work as it's not able to find the 'X-XSRF-TOKEN' in the headers of my request.

It seems Angular has stripped it from the request; at least, it's not in the request.

I've followed everything here:

https://docs.angularjs.org/api/ng/service/$http

and the server sends the correct 'XSRF-TOKEN' as a cookie to Angular, but Angular http doesn't care about this and does not set the 'X-XSRF-TOKEN' header in the request.

I messed with the headers of the http-request in angular to force the X-XSRF-TOKEN, and then it all worked flawlessly. But that was only in order to actually verify that the missing 'X-XSRF-TOKEN'-token was to blame, which it was.

Anyone done XSRF and Angular2?

OddBeck
  • Looks quite similar to http://stackoverflow.com/questions/34494876/what-is-the-right-way-to-use-angular2-http-requests-with-django-csrf-protection – Günter Zöchbauer Mar 18 '16 at 13:52
  • It does look the same, and maybe I'll try it out, but damn... one wouldn't think I'd have to do stuff like this in order for XSRF to work?! – OddBeck Mar 18 '16 at 13:55
  • There is a bigger rework of `http` planned but that work doesn't complete by itself ;-) https://github.com/angular/http/issues – Günter Zöchbauer Mar 18 '16 at 13:58
  • I see... I'll just have to try out that snippet from above then..thanks – OddBeck Mar 18 '16 at 13:59
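
The cookie-to-header exchange the question describes, as an added example that is not part of the original post and is not Angular's or Spring's own code: a framework-independent helper that copies the 'XSRF-TOKEN' cookie into the 'X-XSRF-TOKEN' header for state-changing requests, next to the server-side comparison, showing why GET passes while POST without the header is rejected. The function names, the sample cookie values and the server-side double-submit comparison are assumptions made for illustration.

```javascript
// Added example: the cookie and header names come from the question;
// function names and sample values are constructed for illustration.
const XSRF_COOKIE = 'XSRF-TOKEN';
const XSRF_HEADER = 'X-XSRF-TOKEN';
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];

// Parse a document.cookie-style string and return the named cookie or null.
// Names are matched exactly, so "NOT-XSRF-TOKEN" never satisfies "XSRF-TOKEN".
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    const raw = part.slice(eq + 1).trim();
    try {
      return decodeURIComponent(raw);
    } catch (e) {
      return raw; // malformed percent-encoding: pass the value through as-is
    }
  }
  return null;
}

// Return a copy of `headers` with X-XSRF-TOKEN set for state-changing methods.
// GET-style requests are left untouched, as is any request without the cookie.
function withXsrfHeader(method, headers, cookieString) {
  const out = Object.assign({}, headers);
  if (SAFE_METHODS.includes(String(method).toUpperCase())) return out;
  const token = readCookie(cookieString, XSRF_COOKIE);
  if (token) out[XSRF_HEADER] = token;
  return out;
}

// Server-side view of the same check (assumed double-submit comparison):
// a state-changing request passes only if header and cookie carry the same token.
function serverAccepts(method, headers, cookieString) {
  if (SAFE_METHODS.includes(String(method).toUpperCase())) return true;
  const cookie = readCookie(cookieString, XSRF_COOKIE);
  const header = headers[XSRF_HEADER];
  if (!cookie || !header || cookie.length !== header.length) return false;
  let diff = 0; // compare without exiting early on the first mismatch
  for (let i = 0; i < cookie.length; i++) {
    diff |= cookie.charCodeAt(i) ^ header.charCodeAt(i);
  }
  return diff === 0;
}

// Constructed sample cookie jar, as document.cookie would expose it.
const SAMPLE_COOKIES = 'JSESSIONID=abc123; NOT-XSRF-TOKEN=decoy; XSRF-TOKEN=constructed-token-1234';
```

In a browser, `withXsrfHeader(method, headers, document.cookie)` would run just before each request is sent; the cookie must be readable by script (not HttpOnly) for this to work.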