Stack Overflow
Stack Overflow

Questions tagged [x-xsrf-token]

98 questions
38
votes
8 answers

Angular 6 does not add X-XSRF-TOKEN header to http request

I've read the docs and all the related questions on SO, but still Angular's XSRF mechanism isn't working for me: in no way I can make a POST request with the X-XSRF-TOKEN header appended automatically. I have an Angular 6 app with a login form.…
Paolo Stefan
  • 10,112
  • 5
  • 45
  • 64
27
votes
3 answers

angular4 httpclient csrf does not send x-xsrf-token

In angular documentation, it is mentioned that the angular httpclient will automatically send the value of cookie XSRF-TOKEN in the header X-XSRF-TOKEN of post request. Documentation link But it does not send the header for me. Here is my…
netuser
  • 553
  • 1
  • 6
  • 11
14
votes
1 answer

Angular 5 unable to get XSRF token from HttpXsrfTokenExtractor

I am trying to make a POST request via an absolute URL to a Spring (Basic authentication) secured Rest API. Having read that Angular omits inserting the X-XSRF-TOKEN into the request header automatically for absolute urls, I tried to implement an…
Glenster
  • 1,187
  • 2
  • 13
  • 31
8
votes
1 answer

Safari 11 X-XSRF-TOKEN not updated after refresh

Recently Safari 11 was released on Mac OSX. This update causes problem with our webapplication in combination with XSRF on the header of our reuest. I will try to describe the problem in a logic way. This is how a good situation would look…
Flex
  • 81
  • 6
6
votes
1 answer

X-XSRF-TOKEN header with axios

Do I have to set anything to send X-XSRF-TOKEN header if I set a XSRF-TOKEN cookie server side? https://github.com/axios/axios/blob/master/lib/defaults.js#L74 https://github.com/axios/axios/blob/master/dist/axios.js#L1072 It reads like I don't, but…
Gavin Henry
  • 182
  • 1
  • 1
  • 16
6
votes
1 answer

How to set CSRF Token to different context path

Our Angular based webapp is integrated with enterprise portal which runs on the different domain and context path. I am using Spring Security based CSRF token for validating the incoming requests. The app is perfectly working in local but when I…
javageek
  • 101
  • 2
  • 5
4
votes
3 answers

XSRF check failed when sending POST to custom rest endpoint

I have a ScriptRunner Fragment which shows a form dialog. Here is the code: import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate import groovy.transform.BaseScript import javax.ws.rs.core.MediaType import…
Eloi Serret
  • 139
  • 1
  • 1
  • 5
4
votes
1 answer

XSRF antiforgery: Asp.Net Core 2 WebApi (not MVC) + separate Server for Angular is possible?

I'm using Asp.Net Core Webapi 2 with no static content as a backend server + nginx on a separate machine to serve Angular 7 application. Here is the question: does it have sence to try to use xrsf antiforgery protection like…
Kirill Polunin
  • 103
  • 9
4
votes
2 answers

Issue in adding Xsrf-Token in an Angular 6

Posting data from the form submit via API was successful. But after adding X-CSRF-TOKEN to the header and setting withCredentials: true resulted data were not posted to the script named insert.php Error: Failed to load…
Nɪsʜᴀɴᴛʜ ॐ
  • 2,756
  • 4
  • 33
  • 57
4
votes
1 answer

.NET CORE API with Angular 4 - The cookie token and the request token were swapped

I keep getting this message when trying to implement XSRF with Angular and .NET CORE: "Validation of the provided antiforgery token failed. The cookie token and the request token were swapped." I have the cookie and header names configured the same…
Bob B.
  • 43
  • 4
3
votes
1 answer

Asp.Net core web API anti-forgery validation fails if used along with JWT bearer authentication

I am trying to use Anti-forgery along with jwt bearer authentication in Asp.net core 3.0 web API. The weird problem that I am facing is that anti-forgery works perfectly fine, but if I try to add an [Authorize] filter to the controller action along…
Pallav
  • 163
  • 2
  • 13
3
votes
0 answers

Is it okay to send XSRF-TOKEN from backend to frontend in a header instead of storing it as a cookie?

A team i'm working on has a UI and an API on two different domains x-ui.app.example.com and x-api.app.example.com. This architecture obviously doesn't work with the traditional means of XSRF in Angular / .NET Core. The traditional way that it has…
cdhawke1
  • 31
  • 4
3
votes
0 answers

Xsrf Token conflicts with Jwt Token

I'm using angular v6 with asp.net core webapi template I want to Send Xsrf Token to angular app alongside Identity Authorization my problem starts when the user logs in. if there is no user in HttpContext.User there is no problem with the token,…
Mohammad Reza Farahani
  • 277
  • 4
  • 15
3
votes
0 answers

why getting _csrf null error with spring security and angular

I am getting an error something like this: {timestamp: 1536511109166, status: 403, error: "Forbidden",…} error : "Forbidden" message : "Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header…
Nishant Lakhara
  • 2,295
  • 4
  • 23
  • 46
3
votes
1 answer

Angular 5 xsrf-token cookie and x-xsrf-header are not same

I am changing xsrf-token cookie value on each request at backend. I am making more than one http calls at a time to server, but for some requests "xsrf-cookie" value and "x-xsrf-header" value are not same. I tried to add x-xsrf-header manually…
LokiKartik
  • 91
  • 10
1
2 3 4 5 6 7