Proper way of inject CSRF token in Angular

monterail / guidelines

[DEPRECATED] We are Ruby on Rails experts from Poland. Think hussars. Solid & winged. These are our guidelines.

71 stars 17 forks source link

Proper way of inject CSRF token in Angular #179

Closed chytreg closed 11 years ago

sheerun commented 11 years ago

jandudulski commented 11 years ago

It wouldn't work if you don't have jQuery - built in angular.element will not find selector meta[name=csrf-token]. Proper solution:

meta = document.querySelector('meta[name=csrf-token]')
if meta && meta.hasAttribute('content')
  app.config ['$httpProvider', (provider) ->
    provider.defaults.headers.common['X-CSRF-Token'] = meta.getAttribute('content')
  ]

sheerun commented 11 years ago

querySelector is not supported on IE7

jandudulski commented 11 years ago

If you need to support ancient tools, use jQuery, or something similar.

sheerun commented 11 years ago

You may use jQuery on ancient tools, but snippet you provided won't work.

sheerun commented 11 years ago

Something like this will:

for meta in document.getElementsByTagName('meta')
  if meta.name.toLowerCase() == "csrf-token" && meta.content
    app.config ['$httpProvider', (provider) ->
      provider.defaults.headers.common['X-CSRF-Token'] = meta.content
    ]

jandudulski commented 11 years ago

You may use jQuery on ancient tools, but snippet you provided won't work.

You didn't understood me. With jQuery you can use angular.element from the PR.

sheerun commented 11 years ago

I think we need only one snippet

jandudulski commented 11 years ago

Sure, :+1: for your solution @sheerun :)

sheerun commented 11 years ago

@chytreg Could you update PR and merge?

jandudulski commented 11 years ago

done :)