Created
October 23, 2012 15:28
-
-
Save guillaumepiot/3939452 to your computer and use it in GitHub Desktop.
ANGULARJS - Django CSRF Token header setup
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var myApp = angular.module('myApp').config(function($httpProvider) { | |
| $httpProvider.defaults.headers.post['X-CSRFToken'] = $('input[name=csrfmiddlewaretoken]').val(); | |
| }); |
@CalebMuhia isn't the whole point of a CSRF token that it isn't stored in a cookie?
@jedrichards No. In fact, django always stores the csrf token in a cookie: https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/#ajax
And the docs recommend getting the value from the cookie for all javascript code (as opposed to obtaining it from the DOM).
@ailling: Good point!
Just put together a small lib just to make easy to use. Similar concept. https://github.com/pasupulaphani/angular-csrf-cross-domain
Where do I place this code.?
I can't remember sorry, haven't worked with Angular in years...
Looks like it's when you initialize your app, which is the html element with tag ng-app="myApp"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
you can also have this in a http interceptor, and get the csrftoken from the cookies, like so
config.headers['X-CSRFToken'] = $cookies.csrftoken