Commit bbc8f8e3 authored by FORESTIER Fabien's avatar FORESTIER Fabien Committed by ncastejon
Browse files

Make angular set a x-xsrf-token header on http requests using its csrf feature

parent 07108233
import { BrowserModule } from '@angular/platform-browser';
import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
import { NgModule, APP_INITIALIZER } from '@angular/core';
import { HttpClientModule } from '@angular/common/http';
import { HttpClientModule, HttpClientXsrfModule } from '@angular/common/http';
import { AppComponent } from './app.component';
import { AppRoutingModule } from './app-routing.module';
......@@ -44,6 +44,9 @@ export function initAppConfig(appConfigService: AppConfigService) {
BrowserModule,
BrowserAnimationsModule,
HttpClientModule,
HttpClientXsrfModule.withOptions({
headerName: 'x-xsrf-token',
}),
CoreModule,
EditorialisationModule,
UserModule,
......
import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent } from '@angular/common/http';
import { Injectable } from '@angular/core';
import { Observable } from 'rxjs';
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
intercept(
req: HttpRequest<any>,
next: HttpHandler,
): Observable<HttpEvent<any>> {
const xsrfToken = localStorage.getItem('xsrfToken');
let request = req;
// && req.url.includes('https://data-intothesky.alpha.grandlyon.com/authentication/api/logout'
if (xsrfToken) {
request = req.clone({
headers: req.headers.set('x-xsrf-token', xsrfToken),
});
}
return next.handle(request);
}
}
......@@ -4,8 +4,6 @@ import { UserRoutingModule } from './user-routing.module';
import { UserServices } from './services';
import { UserComponents } from './components';
import { FormsModule, ReactiveFormsModule } from '@angular/forms';
import { HTTP_INTERCEPTORS } from '@angular/common/http';
import { AuthInterceptor } from './interceptors/auth-interceptor';
import { UserGuards } from './guards';
import { SharedModule } from '../shared/shared.module';
......@@ -20,11 +18,6 @@ import { SharedModule } from '../shared/shared.module';
providers: [
...UserGuards,
...UserServices,
{
provide: HTTP_INTERCEPTORS,
useClass: AuthInterceptor,
multi: true,
},
],
declarations: [...UserComponents],
})
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment