Commit 46146c11 authored by FORESTIER Fabien's avatar FORESTIER Fabien Committed by ncastejon

Use the XSRF-TOKEN cookie to set the x-xsrf-token header instead of the localstorage

parent 6894158d
......@@ -44,9 +44,6 @@ export function initAppConfig(appConfigService: AppConfigService) {
BrowserModule,
BrowserAnimationsModule,
HttpClientModule,
HttpClientXsrfModule.withOptions({
headerName: 'x-xsrf-token',
}),
CoreModule,
EditorialisationModule,
UserModule,
......
import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent } from '@angular/common/http';
import { Injectable } from '@angular/core';
import { Observable } from 'rxjs';
import { CookieService } from 'ngx-cookie-service';
@Injectable()
export class XSRFTokenInterceptor implements HttpInterceptor {
constructor(private cookieService: CookieService) { }
intercept(
req: HttpRequest<any>,
next: HttpHandler,
): Observable<HttpEvent<any>> {
const xsrfToken = this.cookieService.get('XSRF-TOKEN');
let request = req;
if (xsrfToken) {
request = req.clone({
headers: req.headers.set('x-xsrf-token', xsrfToken),
});
}
return next.handle(request);
}
}
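Review bot: The `x-xsrf-token` header is set on every request that passes through `intercept`, whatever its method or destination, so a request to an absolute URL on another origin would carry the token to that host. Angular's built-in XSRF interceptor, by contrast, skips GET/HEAD requests and absolute URLs. I would restrict the header to the backend's origin, for example `const sameOrigin = new URL(req.url, window.location.origin).origin === window.location.origin;` followed by `if (xsrfToken && sameOrigin) {`; if the API is served from a separate host, compare against that configured origin instead. A short class-level comment saying why the built-in `HttpClientXsrfModule` handling was not sufficient would also help the next reader.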
......@@ -41,7 +41,6 @@ export class UserService {
}
resetAuth() {
localStorage.removeItem('xsrfToken');
this.logout().subscribe();
this._user = null;
this._userStatusChangedSubject.next(false);
......
......@@ -6,6 +6,9 @@ import { UserComponents } from './components';
import { FormsModule, ReactiveFormsModule } from '@angular/forms';
import { UserGuards } from './guards';
import { SharedModule } from '../shared/shared.module';
import { HTTP_INTERCEPTORS } from '@angular/common/http';
import { XSRFTokenInterceptor } from './interceptors/xsrf-token.interceptor';
import { CookieService } from 'ngx-cookie-service';
@NgModule({
imports: [
......@@ -18,6 +21,12 @@ import { SharedModule } from '../shared/shared.module';
providers: [
...UserGuards,
...UserServices,
CookieService,
{
provide: HTTP_INTERCEPTORS,
useClass: XSRFTokenInterceptor,
multi: true,
},
],
declarations: [...UserComponents],
})
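Review bot: Registering `XSRFTokenInterceptor` under `HTTP_INTERCEPTORS` in this feature module's `providers` makes an application-wide security control depend on how the module is loaded. It presumably reaches the root `HttpClient` only while the module is imported eagerly, and the header would silently stop being sent if the module were later lazy-loaded. Consider moving the provider next to `HttpClientModule` in the root module, or at least add a comment above the provider such as `// Must stay eagerly loaded: registers the app-wide XSRF header interceptor`. The `@NgModule` decorator is split across two hunks here, so the full imports list is not visible.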
......