-
-
Save guillaumepiot/3939452 to your computer and use it in GitHub Desktop.
| var myApp = angular.module('myApp').config(function($httpProvider) { | |
| $httpProvider.defaults.headers.post['X-CSRFToken'] = $('input[name=csrfmiddlewaretoken]').val(); | |
| }); |
Good one. place the "X-CSRFToken" in common headers for better usage.
Perfect, thanks.
you can also have this in a http interceptor, and get the csrftoken from the cookies, like so
config.headers['X-CSRFToken'] = $cookies.csrftoken
@CalebMuhia isn't the whole point of a CSRF token that it isn't stored in a cookie?
@jedrichards No. In fact, django always stores the csrf token in a cookie: https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/#ajax
And the docs recommend getting the value from the cookie for all javascript code (as opposed to obtaining it from the DOM).
@ailling: Good point!
Just put together a small lib just to make easy to use. Similar concept. https://github.com/pasupulaphani/angular-csrf-cross-domain
Where do I place this code.?
I can't remember sorry, haven't worked with Angular in years...
Looks like it's when you initialize your app, which is the html element with tag ng-app="myApp"
Very good idea, saved me time. 1 answer @changetip