Commit 50d2123c authored by FORESTIER Fabien's avatar FORESTIER Fabien

Use the XSRF-TOKEN cookie to set the x-xsrf-token header instead of the localstorage

parent 58ec2e7b
1 merge request!53Version 2.3.2
This diff is collapsed.
...@@ -44,9 +44,6 @@ export function initAppConfig(appConfigService: AppConfigService) { ...@@ -44,9 +44,6 @@ export function initAppConfig(appConfigService: AppConfigService) {
BrowserModule, BrowserModule,
BrowserAnimationsModule, BrowserAnimationsModule,
HttpClientModule, HttpClientModule,
HttpClientXsrfModule.withOptions({
headerName: 'x-xsrf-token',
}),
CoreModule, CoreModule,
EditorialisationModule, EditorialisationModule,
UserModule, UserModule,
......
import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent } from '@angular/common/http';
import { Injectable } from '@angular/core';
import { Observable } from 'rxjs';
import { CookieService } from 'ngx-cookie-service';
@Injectable()
export class XSRFTokenInterceptor implements HttpInterceptor {
constructor(private cookieService: CookieService) { }
intercept(
req: HttpRequest<any>,
next: HttpHandler,
): Observable<HttpEvent<any>> {
const xsrfToken = this.cookieService.get('XSRF-TOKEN');
let request = req;
if (xsrfToken) {
request = req.clone({
headers: req.headers.set('x-xsrf-token', xsrfToken),
});
}
return next.handle(request);
}
}
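Review bot: `intercept` sets `x-xsrf-token` on every request that passes through HttpClient, whatever its method or destination, so the anti-CSRF token is also sent to any third-party host the application calls. Angular's built-in XSRF interceptor, which this commit stops configuring in the app module, skips GET/HEAD requests and absolute URLs for exactly that reason. Restrict the header to the application's own origin (extended with the API origin if the backend is served from another host, which this page does not show) and leave an already-set header untouched, as sketched below.

```typescript
// … unchanged: imports, @Injectable(), class declaration, constructor …
intercept(
  req: HttpRequest<any>,
  next: HttpHandler,
): Observable<HttpEvent<any>> {
  const xsrfToken = this.cookieService.get('XSRF-TOKEN');
  // Resolve relative URLs against the page origin so both forms are compared alike.
  const targetOrigin = new URL(req.url, window.location.origin).origin;
  const isOwnOrigin = targetOrigin === window.location.origin;
  // Never hand the token to another origin, and never overwrite a header set by the caller.
  if (!xsrfToken || !isOwnOrigin || req.headers.has('x-xsrf-token')) {
    return next.handle(req);
  }
  return next.handle(
    req.clone({ headers: req.headers.set('x-xsrf-token', xsrfToken) }),
  );
}
```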
...@@ -41,7 +41,6 @@ export class UserService { ...@@ -41,7 +41,6 @@ export class UserService {
} }
resetAuth() { resetAuth() {
localStorage.removeItem('xsrfToken');
this.logout().subscribe(); this.logout().subscribe();
this._user = null; this._user = null;
this._userStatusChangedSubject.next(false); this._userStatusChangedSubject.next(false);
......
...@@ -6,6 +6,9 @@ import { UserComponents } from './components'; ...@@ -6,6 +6,9 @@ import { UserComponents } from './components';
import { FormsModule, ReactiveFormsModule } from '@angular/forms'; import { FormsModule, ReactiveFormsModule } from '@angular/forms';
import { UserGuards } from './guards'; import { UserGuards } from './guards';
import { SharedModule } from '../shared/shared.module'; import { SharedModule } from '../shared/shared.module';
import { HTTP_INTERCEPTORS } from '@angular/common/http';
import { XSRFTokenInterceptor } from './interceptors/xsrf-token.interceptor';
import { CookieService } from 'ngx-cookie-service';
@NgModule({ @NgModule({
imports: [ imports: [
...@@ -18,6 +21,12 @@ import { SharedModule } from '../shared/shared.module'; ...@@ -18,6 +21,12 @@ import { SharedModule } from '../shared/shared.module';
providers: [ providers: [
...UserGuards, ...UserGuards,
...UserServices, ...UserServices,
CookieService,
{
provide: HTTP_INTERCEPTORS,
useClass: XSRFTokenInterceptor,
multi: true,
},
], ],
declarations: [...UserComponents], declarations: [...UserComponents],
}) })
......
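Review bot: Registering `XSRFTokenInterceptor` in the user module's `providers` makes an application-wide protection depend on how this one module is loaded, and nothing in the hunk documents that. It works while the app module imports `UserModule` eagerly (it is in the imports list shown in the first section), but if the module were later lazy-loaded the root `HttpClient` would presumably no longer pick up the interceptor and state-changing requests would go out without the CSRF header. Either move the `HTTP_INTERCEPTORS` entry to the root or core module, or add a comment above it such as `// App-wide interceptor: relies on UserModule being imported eagerly by AppModule`. Depending on the ngx-cookie-service version in use, `CookieService` may already be provided in root, in which case the explicit `CookieService,` entry is redundant. The `@NgModule` decorator is only partly visible in these hunks.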