This repository was archived by the owner on Apr 12, 2024. It is now read-only.
Setting xsrfHeader for cross-domain requests has no effect on requests (the header is missing) #5122
Closed
Description
Configuring the httpProvider with
$httpProvider.defaults.xsrfCookieName = 'csrftoken';
$httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';
does not set the X-CSRFToken header for cross-domain requests, while the requests to original domains are fine.
The Access-Control-Allow-... headers are set to allow CORS with cookies and the X-CSRFToken header:
Access-Control-Allow-Headers: x-requested-with, content-type, accept, origin, authorization, x-csrftoken
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: origin_url
Access-Control-Allow-Credentials:true
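
An added example, not part of the original issue and not AngularJS source: a model of the documented default in which `$http` copies the XSRF cookie into the header only for same-origin URLs, so the token is not sent to other origins unless they are explicitly trusted. The function names, the `trustedOrigins` option and all sample URLs and cookie values are assumptions constructed for illustration.

```javascript
// Added illustration; names here are hypothetical, not AngularJS internals.

// Parse a Cookie-style string ("a=1; b=2") into an object.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue; // skip fragments without a value
    jar[part.slice(0, eq).trim()] = decodeURIComponent(part.slice(eq + 1).trim());
  }
  return jar;
}

// Return the headers to add to a request. The XSRF header is attached only
// when the target origin (scheme + host + port) equals the page origin or
// appears in the explicit trusted list.
function xsrfHeadersFor(requestUrl, pageUrl, cookieString, opts) {
  const target = new URL(requestUrl, pageUrl); // resolves relative URLs too
  const allowed = new Set([new URL(pageUrl).origin, ...(opts.trustedOrigins || [])]);
  if (!allowed.has(target.origin)) return {}; // token is withheld client-side
  const token = parseCookies(cookieString)[opts.cookieName];
  return token ? { [opts.headerName]: token } : {};
}

// Constructed sample values.
const PAGE = 'https://app.example.test/dashboard';
const COOKIES = 'sessionid=abc; csrftoken=tok123';
const OPTS = { cookieName: 'csrftoken', headerName: 'X-CSRFToken' };
const API = 'https://api.example.test';

function demo() {
  return {
    sameOrigin: xsrfHeadersFor('/api/items', PAGE, COOKIES, OPTS),
    crossOrigin: xsrfHeadersFor(API + '/items', PAGE, COOKIES, OPTS),
    // A different port is a different origin, even on the same host.
    otherPort: xsrfHeadersFor('https://app.example.test:8443/items', PAGE, COOKIES, OPTS),
    trusted: xsrfHeadersFor(API + '/items', PAGE, COOKIES,
      { ...OPTS, trustedOrigins: [API] }),
  };
}

console.log(demo());
```

In the cross-origin case the server's `Access-Control-Allow-Headers` list does not change the outcome, because the header is withheld by the client before the request is built.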