0

I have just done migration from Angular 5 to Angular 8 but a problem appeared with my CSRF configuration.

According to an old issue, I have changed my spring security csrf configuration (Angular 6 does not add X-XSRF-TOKEN header to http request) :

final CookieCsrfTokenRepository tokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
tokenRepository.setCookiePath("/");
http.csrf().csrfTokenRepository(tokenRepository);

When I use my front, my post query on spring API return 403 error with Chrome 79. I suppose it's related to header "X-XSRF-TOKEN" which is not present in my Angular 8 query.

How can I correct this error?

Jason Aller
  • 3,541
  • 28
  • 38
  • 38
Jérémy
  • 391
  • 2
  • 7
  • 20

1 Answers1

0

According to an other issue :

"By default, an interceptor sends this cookie on all mutating requests (POST, etc.) to relative URLs but not on GET/HEAD requests or on requests with an absolute URL."

So, the solution is to uses relative URL and not absolute url in all API call.

Thanks @G. Tricot for your help :D

Jérémy
  • 391
  • 2
  • 7
  • 20