Open joshikeerti opened 9 years ago
Since Restangular uses $http - might be working.
Any update on this? I'm trying to implement XSRF protection and wondering if I'll be able to use Angular's implementation.
subscribing to this issue. @miraage can't see this working on my project. I set the XSRF-TOKEN cookie but never get the X-XSRF-TOKEN header in return. maybe @mgonto would be able to confirm ?
I've tried adding this to my app :
.config(function($httpProvider){
$httpProvider.defaults.xsrfCookieName = 'XSRF-TOKEN';
$httpProvider.defaults.xsrfHeaderName = 'X-XSRF-TOKEN';
})
but it made no difference.
I got there in the end, thanks to this stackoverflow thread.
It turns out that angularjs will only return the X-XSRF-TOKEN header if the XSRF-TOKEN cookie is set with the httpOnly flag to false.
And this gets it working for me. :-)
From the angular documentation I see this- When performing XHR requests, the $http service reads a token from a cookie called XSRF-TOKEN and sets it as the HTTP header X-XSRF-TOKEN
Is this true in case of restangular as well or do we need to set anything explicitly?