Question: Angular XSRF Protection: header not getting added

Question

Angular XSRF Protection: header not getting added

Answers 0
Added at 2017-11-30 22:11
Tags
Question

I'm trying to implement CSRF protection in my angular 4 app. In app.module I have added

import: [
HttpClientXsrfModule.withOptions({
 cookieName: 'XSRF-COOKIE',
 headerName: 'X-XSRF-TOKEN',
}),

and on my first GET request I am setting the cookie after a successful response in my component

document.cookie = "XSRF-COOKIE=23432434243242342342";

However, the X-XSRF-TOKEN header is not added to any of my subsequent HTTP requests (according to chromes network tab request headers section).

From the documentation this seems like it should be automatic. Am I missing something?

https://v4.angular.io/guide/http#security-xsrf-protection

Answers to

Angular XSRF Protection: header not getting added

Source Show
◀ Wstecz