Skip to content
Snippets Groups Projects
Commit 3792d57e authored by FORESTIER Fabien's avatar FORESTIER Fabien
Browse files

Make angular set a x-xsrf-token header on http requests using its csrf feature

parent f3c55560
Branches
Tags
1 merge request!53Version 2.3.2
Pipeline #1764 failed
import { BrowserModule } from '@angular/platform-browser'; import { BrowserModule } from '@angular/platform-browser';
import { BrowserAnimationsModule } from '@angular/platform-browser/animations'; import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
import { NgModule, APP_INITIALIZER } from '@angular/core'; import { NgModule, APP_INITIALIZER } from '@angular/core';
import { HttpClientModule } from '@angular/common/http'; import { HttpClientModule, HttpClientXsrfModule } from '@angular/common/http';
import { AppComponent } from './app.component'; import { AppComponent } from './app.component';
import { AppRoutingModule } from './app-routing.module'; import { AppRoutingModule } from './app-routing.module';
...@@ -44,6 +44,9 @@ export function initAppConfig(appConfigService: AppConfigService) { ...@@ -44,6 +44,9 @@ export function initAppConfig(appConfigService: AppConfigService) {
BrowserModule, BrowserModule,
BrowserAnimationsModule, BrowserAnimationsModule,
HttpClientModule, HttpClientModule,
HttpClientXsrfModule.withOptions({
headerName: 'x-xsrf-token',
}),
CoreModule, CoreModule,
EditorialisationModule, EditorialisationModule,
UserModule, UserModule,
......
import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent } from '@angular/common/http';
import { Injectable } from '@angular/core';
import { Observable } from 'rxjs';
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
intercept(
req: HttpRequest<any>,
next: HttpHandler,
): Observable<HttpEvent<any>> {
const xsrfToken = localStorage.getItem('xsrfToken');
let request = req;
// && req.url.includes('https://data-intothesky.alpha.grandlyon.com/authentication/api/logout'
if (xsrfToken) {
request = req.clone({
headers: req.headers.set('x-xsrf-token', xsrfToken),
});
}
return next.handle(request);
}
}
...@@ -4,8 +4,6 @@ import { UserRoutingModule } from './user-routing.module'; ...@@ -4,8 +4,6 @@ import { UserRoutingModule } from './user-routing.module';
import { UserServices } from './services'; import { UserServices } from './services';
import { UserComponents } from './components'; import { UserComponents } from './components';
import { FormsModule, ReactiveFormsModule } from '@angular/forms'; import { FormsModule, ReactiveFormsModule } from '@angular/forms';
import { HTTP_INTERCEPTORS } from '@angular/common/http';
import { AuthInterceptor } from './interceptors/auth-interceptor';
import { UserGuards } from './guards'; import { UserGuards } from './guards';
import { SharedModule } from '../shared/shared.module'; import { SharedModule } from '../shared/shared.module';
...@@ -20,11 +18,6 @@ import { SharedModule } from '../shared/shared.module'; ...@@ -20,11 +18,6 @@ import { SharedModule } from '../shared/shared.module';
providers: [ providers: [
...UserGuards, ...UserGuards,
...UserServices, ...UserServices,
{
provide: HTTP_INTERCEPTORS,
useClass: AuthInterceptor,
multi: true,
},
], ],
declarations: [...UserComponents], declarations: [...UserComponents],
}) })
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment