Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Allow setting trusted domains that can receive the XSRF token
See original GitHub issueIn my application, I’m trying to add csrf token to my laravel API. AS per the documentation I added the below code
HttpClientXsrfModule.withOptions({ cookieName: 'XSRF-TOKEN', headerName: 'X-CSRF-TOKEN' }),
It doesn’t add the token to the post-login request. And laravel expecting token for login
Request Method: POST Status Code: 500 Internal Server Error Remote Address: 192.168.10.10:80 Referrer Policy: no-referrer-when-downgrade Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Cache-Control: no-cache, private Connection: keep-alive Content-Type: text/html; charset=UTF-8 Date: Thu, 26 Mar 2020 07:57:23 GMT Server: nginx/1.15.8 Set-Cookie: laravel_session=eyJpdiI6Ikg3VUlidm5MVG92UVdrc1RjU1U1UEE9PSIsInZhbHVlIjoiZCtFcTU1bmsxZm1jUkdhZU8wV1o5Z0FnNmpUZUNQekI4V1h6QUJnaUxyU1FEeUZEUU1MQ2V1SVQ0andHclhrRXRuRmVSbVdRUldiU0NyZkJWYm1COHc9PSIsIm1hYyI6IjM3ODFhYTU3MjY3ZDY1YjIwM2ExOGI2YjMzNWNmNzhhZjA0NWNjYTBlYmVmMGRjNzJlNmU4N2E5NjcwZDgzYmQifQ%3D%3D; expires=Thu, 26-Mar-2020 09:57:23 GMT; Max-Age=7200; path=/; HttpOnly Transfer-Encoding: chunked Accept: application/json, text/plain, / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: keep-alive Content-Length: 34 Content-Type: application/json Host: qa.api.platform Origin: http://localhost:4200 Referer: http://localhost:4200/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Issue Analytics
- State:
- Created 3 years ago
- Reactions:2
- Comments:7 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Well, reading the code, it looks like absolute paths are ignored in the filter and demand a custom implementation as documented in the code: https://github.com/angular/angular/blob/f8096d499324cf0961f092944bbaedd05364eea1/packages/common/http/src/xsrf.ts#L78
But IMHO, the interceptor should not assume that a absolute path has a diferent origin, because it’s common in development to have a backend running in a different port, but still using the same origin.
Maybe this would open a security breach, but this last part is just a guess.
Just a heads up that we kicked off a community voting process for your feature request. There are 20 days until the voting process ends.
Find more details about Angular’s feature request process in our documentation.