Enable csrf/xsrf protection for cross domain requests in Angular
$http docs : Angular provides a mechanism to counter XSRF. When performing XHR requests, but will not be set for cross-domain requests.
You only need this library:
- For cross domain requests and enable angular csrf/xsrf protection.
Install the library through bower or npm.
bower install angular-csrf-cross-domainAlso available with the name
angular-xsrf-cross-domain
Add it to your app dependency
angular.module('myModule',['csrf-cross-domain'])That's it - you are done!
The provider is fully customizable. Below are the methods given by provider.
Default csrf component names:
- HTTP default header name:
X-XSRF-TOKEN - HTTP default cookie name:
XSRF-TOKEN - HTTP default allowed methods:
'GET', 'POST', 'PUT', 'PATCH', 'DELETE'
Django example: (each framework has its own default csrf component naming convention)
angular.config(function(csrfCDProvider) {
// Django default name
csrfCDProvider.setHeaderName('X-CSRFToken');
csrfCDProvider.setCookieName('CSRFToken');
// You can even configure HTTP methods to set csrf
csrfCDProvider.setAllowedMethods(['GET', 'POST', 'HEAD']);
});- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
- http://ngmodules.org/modules/angular-csrf-cross-domain
- http://bower.io/search/?q=angular-csrf-cross-domain
- http://bower.io/search/?q=angular-xsrf-cross-domain
