Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

HttpClient does not set X-XSRF-Token on Http Post

See original GitHub issue

I’m submitting a…


[ ] Regression (a behavior that used to work and stopped working in a new release)
[ X] Bug report  
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead see https://github.com/angular/angular/blob/master/CONTRIBUTING.md#question

Current behavior

Updated to angular 5.0.2. Updated from the deprecated HttpModule (@angular/http) to HttpClientModule (@angular/common/http).

Updated Http.post to HttpClient.post and tested. X-XSRF-TOKEN was not present in the Http Header.

HttpClient (@angular/common/http) does not set X-XSRF-Token on Http Post, while Http (@angular/http) does.

Expected behavior

HttpClient should set the X-XSRF-TOKEN on Http Post.

Minimal reproduction of the problem with instructions

Verify that javascript XSRF-TOKEN cookie has been set.

Test HttpClient (@angular/http) and HttpClientModule (@angular/common/http) side by side with nearly identical Http post requests.


//OLD
        CreateOld(sample: Models.Sample): Observable<Models.Sample[]> {
            let body = JSON.stringify(sample);
            let headers = new Headers({ 'Content-Type': 'application/json' });
            return this.http
                .post(this.baseUrl + 'api/sample/Create', body, { headers: headers })
                .map(response => { return response.json() as Models.Task[] });
        }
//NEW
	 CreateNew(sample: Models.Sample): Observable<Models.Sample[]> {
			let body = JSON.stringify(sample)
			return this.httpClient
				.post<Models.Task[]>(this.baseUrl + 'api/sample/Create', body, { headers: new HttpHeaders().set('Content-Type', 'application/json') });
        }

What is the motivation / use case for changing the behavior?

Environment


Angular version: 5.0.2


Browser:
- [ X] Chrome (desktop) version 62.0.3202.94 
- [ ] Chrome (Android) version XX
- [ ] Chrome (iOS) version XX
- [ ] Firefox version XX
- [ ] Safari (desktop) version XX
- [ ] Safari (iOS) version XX
- [ ] IE version XX
- [X ] Edge version 41.16299.15.0
 
For Tooling issues:
- Node version: XX  
- Platform:  

Others:

Issue Analytics

  • State:open
  • Created 6 years ago
  • Reactions:32
  • Comments:50 (2 by maintainers)

github_iconTop GitHub Comments

45reactions
Toxicablecommented, Nov 18, 2017

Hello, we reviewed this issue and determined that it doesn’t fall into the bug report or feature request category. This issue tracker is not suitable for support requests, please repost your issue on StackOverflow using tag angular.

If you are wondering why we don’t resolve support issues via the issue tracker, please check out this explanation.

You’re probably after https://angular.io/api/common/http/HttpClientXsrfModule

21reactions
ewaschenkocommented, Mar 9, 2018

@bhanukumar04 If you look at Angular’s xsrf implementation here You can see in the interceptor they have this

if (req.method === 'GET' || req.method === 'HEAD' || lcUrl.startsWith('http://') ||
        lcUrl.startsWith('https://')) {
      return next.handle(req);
    }

If any of the condition are true then adding the header is skipped. That’s why I had to make my own since my API is on a different domain.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Angular 6 does not add X-XSRF-TOKEN header to http request
Then, inside a Service's method, I'm making the following http request ( this.http is an instance of HttpClient ): this.http .post<any>('api ...
Read more >
Communicating with backend services using HTTP - Angular
For all HttpClient methods, the method doesn't begin its HTTP request until you call subscribe() on the observable the method returns. This is...
Read more >
Angular HTTP Client - QuickStart Guide
Complete Guide on Angular HTTP: Learn how to do common HTTP operations: GET, PUT, PATCH, DELETE, POST, Error Handling, Interceptors, etc.
Read more >
Sending CSRF Token From Postman REST Client | Baeldung
From no experience to actually building stuff​ ... take the CSRF token from the cookies and set it in the X-XSRF-TOKEN request header....
Read more >
Fix "Invalid CSRF token" error – add the XSRF-TOKEN header ...
Learn what to do when Angular doesn't attach the X-XSRF-TOKEN header ... default XSRF-TOKEN , and sets it as an HTTP header, X-XSRF-TOKEN...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[BUG] ApplicationRef.attachView cause error while dynamic creating component which contains structural directives

Next page

:leave animation does not work on Firefox and Edge