angular-csrf-cross-domain

Enable csrf/xsrf protection for cross domain requests in Angular

$http docs : Angular provides a mechanism to counter XSRF. When performing XHR requests, but will not be set for cross-domain requests.

You only need this library:

• For cross domain requests and enable angular csrf/xsrf protection.

Getting Started

Install the library through bower.

bower install angular-csrf-cross-domain

Also available with the name angular-xsrf-cross-domain

Add it to your app dependency

angular.module('myModule',['csrf-cross-domain'])

That's it - you are done!

Customization

The provider is fully customizable. Below are the methods given by provider.

Default csrf component names:

• HTTP default header name: X-XSRF-TOKEN
• HTTP default cookie name: XSRF-TOKEN
• HTTP default allowed methods: 'GET', 'POST', 'PUT', 'PATCH', 'DELETE'

Django example: (each framework has its own default csrf component naming convention)

angular.config(function(csrfCDProvider) {
 
        // Django default name
        csrfCDProvider.setHeaderName('X-CSRFToken');
        csrfCDProvider.setCookieName('CSRFToken');
 
        // You can even configure HTTP methods to set csrf
        csrfCDProvider.setAllowedMethods(['GET', 'POST', 'HEAD']);
 
    });

Contributing

1. Fork it
2. Create your feature branch (git checkout -b my-new-feature)
3. Commit your changes (git commit -am 'Add some feature')
4. Push to the branch (git push origin my-new-feature)
5. Create new Pull Request

Locations

• http://ngmodules.org/modules/angular-csrf-cross-domain
• http://bower.io/search/?q=angular-csrf-cross-domain
• http://bower.io/search/?q=angular-xsrf-cross-domain