Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

feat($http): allow overriding the XSRF header and cookie name #1952

Closed
wants to merge 1 commit into from
Closed

feat($http): allow overriding the XSRF header and cookie name #1952

wants to merge 1 commit into from

Conversation

@sam-mccall
Copy link

@sam-mccall sam-mccall commented Feb 5, 2013

Add 'xsrfCookie' and 'xsrfHeader' property to $httpProvider.defaults and http
config object, which give the name of the cookie the XSRF token is found in,
and the name of the header it is sent in, respectively.
This allows interop with servers with built-in XSRF support that use different
names.
The defaults match the current hard-coded values of 'XSRF-TOKEN' and
'X-XSRF-TOKEN'.

@IgorMinar
Copy link
Contributor

IgorMinar commented Feb 6, 2013

PR Checklist (Minor Feature)

  • Contributor signed CLA now or in the past (if you just signed, leave a comment here with your real name for cross reference)
  • Feature improves existing core functionality
  • API is compatible with existing Angular apis and relevant standards (if applicable)
  • PR doesn't contain a breaking change
  • PR contains unit tests
  • PR contains e2e tests (if suitable)
  • PR contains documentation update
  • PR passes all tests on Travis (sanity)
  • PR passes all tests on ci.angularjs.org (cross-browser compatibility)
  • PR is rebased against recent master
  • PR is squashed into one commit per logical change
  • PR's commit messages are descriptive and allows us to autogenerate release notes (required commit message format)
  • All changes requested in review have been implemented

@IgorMinar
Copy link
Contributor

IgorMinar commented Feb 6, 2013

please rename the properties, otherwise LGTM

@ghost ghost assigned IgorMinar Feb 6, 2013
@sam-mccall
feat($http): allow overriding the XSRF header and cookie name
26373aa 
Add 'xsrfCookieName' and 'xsrfHeaderName' property to $httpProvider.defaults and
http config object, which give the name of the cookie the XSRF token is found
in, and the name of the header it is sent in, respectively.
This allows interop with servers with built-in XSRF support that use different
names.
The defaults match the current hard-coded values of 'XSRF-TOKEN' and
'X-XSRF-TOKEN'.
@IgorMinar
Copy link
Contributor

IgorMinar commented Feb 6, 2013

LGTM. I'll get this in today.

@IgorMinar
Copy link
Contributor

IgorMinar commented Feb 7, 2013

landed as 8155c3a

thanks!

if you haven't received our t-shirt yet and would like one please fill out this form: http://goo.gl/075Sj

@IgorMinar IgorMinar closed this Feb 7, 2013
@evdoks
Copy link

evdoks commented Nov 25, 2013

I am trying to use this feature when making a cross domain request and it seems that XSRF header is being cut out from the response at some point. I am using Angular 1.2.2 and configure the httpProvider as following:

  $httpProvider.defaults.xsrfCookieName = 'csrftoken';
  $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';

X-CSRFToken header is set in requests sent to the original domain, but not in the cross domain requests.

The Access-Control-Allow-... headers are set to allow CORS with X-CSRFToken header:
Access-Control-Allow-Headers: x-requested-with, content-type, accept, origin, authorization, x-csrftoken
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: origin_url

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@IgorMinar IgorMinar

Labels

None yet

Projects

None yet

Milestone

PR: Needs work

Development

Successfully merging this pull request may close these issues.

3 participants

@sam-mccall @IgorMinar @evdoks