I understand cross-site forgery requests, but am unsure of one thing: how to set the X-XSRF-TOKEN in Angular for the cookie to match up to. I figured it would be through Angular's $http provider when making PUT or POST requests, but when I try to do a POST request I'm still getting a 403. I am using Django for the backend, so I set the $httpProvider's cookie and header name.

```javascript
function Config($locationProvider, $stateProvider, $urlRouterProvider, $httpProvider) {

    $locationProvider.html5Mode(true);
    // Cookie to read the token from and header to send it in (Django's names)
    $httpProvider.defaults.xsrfCookieName = 'csrftoken';
    $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';
    $httpProvider.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
}
```

```javascript
// The request that returns 403
var promise = $http({
    method: method,
    url: (isApi ? Config.api_path : '/') + uri,
    'X-CSRFToken': $http.csrftoken,
    data: data || {},
    timeout: deferred.promise
});
```
TJB
  • probably duplicate of http://stackoverflow.com/questions/18156452/django-csrf-token-angularjs – Muli Yulzary May 04 '16 at 18:13
  • Does Angular automatically set X-CSRFToken when it performs a POST method, to be compared to the csrftoken cookie? – TJB May 04 '16 at 20:36
  • When you set the defaults for `$httpProvider` you essentially did that. I think this `'X-CSRFToken': $http.csrftoken` is redundant. – Muli Yulzary May 04 '16 at 22:00

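The cookie-to-header flow that the question and comments describe, as an added example that is not part of the original post and is neither AngularJS nor Django source. It models the client copying the `csrftoken` cookie into `X-CSRFToken` for same-origin requests and a simplified server comparison; all function names, the URL and the cookie values are hypothetical or constructed.

```javascript
// Model of the cookie-to-header CSRF flow; all function names are hypothetical.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Client: headers come from defaults.headers, config.headers and the XSRF cookie.
// Other top-level config keys (such as 'X-CSRFToken' below) never become headers.
function buildHeaders(config, defaults, cookieString, sameOrigin) {
  const headers = Object.assign({}, defaults.headers, config.headers);
  const token = sameOrigin ? parseCookies(cookieString)[defaults.xsrfCookieName] : undefined;
  if (token) headers[defaults.xsrfHeaderName] = token;
  return headers;
}

// Length check plus XOR accumulation, so the compare does not stop at the first mismatch.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server stand-in: 200 only when the header value matches the cookie value.
function csrfStatus(cookieString, headers, defaults) {
  const cookie = parseCookies(cookieString)[defaults.xsrfCookieName];
  const wanted = defaults.xsrfHeaderName.toLowerCase(); // header names are case-insensitive
  const key = Object.keys(headers).find((k) => k.toLowerCase() === wanted);
  if (!cookie || !key || !headers[key]) return 403;
  return safeEqual(cookie, String(headers[key])) ? 200 : 403;
}

const defaults = {
  xsrfCookieName: 'csrftoken',
  xsrfHeaderName: 'X-CSRFToken',
  headers: { 'X-Requested-With': 'XMLHttpRequest' },
};
const withToken = 'sessionid=abc; csrftoken=constructed-token-123'; // constructed sample
const noToken = 'sessionid=abc'; // constructed: the CSRF cookie was never set
const request = { method: 'POST', url: '/api/items', 'X-CSRFToken': undefined, data: {} };
const cases = [['cookie set', withToken, true], ['no cookie', noToken, true], ['cross-origin', withToken, false]];
for (const [label, jar, sameOrigin] of cases) {
  console.log(label, csrfStatus(jar, buildHeaders(request, defaults, jar, sameOrigin), defaults));
}
```

In this model a 403 with the defaults configured correctly means either the cookie was not readable by the client or the request URL was not treated as same-origin.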