14

from http://docs.angularjs.org/api/ng.$http , it says we should set default headers to include the token, so i am following it.

my code goes something like this

var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).
    config(['$routeProvider', function($routeProvider, $httpProvider, $cookies){
        $routeProvider.
            when('/', {
                templateUrl: '/partials/home.html',
                controller: HomeCtrl
            }).
            when('/game/:gameId/shortlist/create',{
                templateUrl: '/partials/create-shortlist.html',
                controller: CreateShortlistCtrl
            }).
            otherwise({redirectTo: '/'});
    }]);

myapp.run(function($rootScope, $http, $cookies, $httpProvider){
    $http.get('/api/get-current-user').success(function(data){
        $rootScope.current_user = data;
        $rootScope.current_team = $rootScope.current_user.team;
    });
    $http.get('/api/get-current-season').success(function(data){
        $rootScope.current_season = data;
    });
    $rootScope.csrf_token = $cookies.csrftoken;
    console.log($httpProvider.defaults.headers.common);
    //$httpProvider.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;
});

as you can see, i have applied multiple approaches but am unable to set header with csrf token. the two errors i have encountered are

Uncaught Error: Unknown provider: $httpProviderProvider <- $httpProvider

what am i doing wrong?

Improve this question

3 Answers 3

Reset to default
21

If you use AngularJS 1.1.3 or newer you can use xsrfHeaderName and xsrfCookieName:

var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).
  config(['$routeProvider', function($routeProvider, $httpProvider, $cookies){
    $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';
    $httpProvider.defaults.xsrfCookieName = 'csrftoken';
    ...

See $location in 1.1.3 the documentation.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

better method. as it passes the unit/e2e tests with protractor
15

You can only use the $httpProvider in the config-method. But the problem is that you cannot use $cookies in the config-method. There only $cookiesProvider is supported. That is described (a bit) in the Module Loading & Dependencies section.

What you can do is set the headers at runtime as suggested in the angularjs.org docs

So to make your example work, you can do the following:

var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).
    config(['$routeProvider', function($routeProvider){
        $routeProvider.
            when('/', {
                templateUrl: '/partials/home.html',
                controller: HomeCtrl
            }).
            when('/game/:gameId/shortlist/create',{
                templateUrl: '/partials/create-shortlist.html',
                controller: CreateShortlistCtrl
            }).
            otherwise({redirectTo: '/'});
    }]);

myapp.run(function($rootScope, $http, $cookies){
    // set the CSRF token here
    $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;

    $http.get('/api/get-current-user').success(function(data){
        $rootScope.current_user = data;
        $rootScope.current_team = $rootScope.current_user.team;
    });
    $http.get('/api/get-current-season').success(function(data){
        $rootScope.current_season = data;
    });
});

And don't forget to include the angular-cookies.js file in your html-file!

Improve this answer

Comments

0

Here is a small lib that could make this more simple https://github.com/pasupulaphani/angular-csrf-cross-domain

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.