Make angular set a x-xsrf-token header on http requests using its csrf feature

bbc8f8e3 · FORESTIER Fabien · ncastejon · 07108233 · bbc8f8e3 · 07108233
Commit bbc8f8e3 authored 5 years ago by FORESTIER Fabien Committed by ncastejon 5 years ago
--- a/src/app/app.module.ts
+++ b/src/app/app.module.ts
 import { BrowserModule } from '@angular/platform-browser';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 import { NgModule, APP_INITIALIZER } from '@angular/core';
-import { HttpClientModule } from '@angular/common/http';
+import { HttpClientModule, HttpClientXsrfModule } from '@angular/common/http';

 import { AppComponent } from './app.component';
 import { AppRoutingModule } from './app-routing.module';
@@ -44,6 +44,9 @@ export function initAppConfig(appConfigService: AppConfigService) {
    BrowserModule,
    BrowserAnimationsModule,
    HttpClientModule,
+    HttpClientXsrfModule.withOptions({
+      headerName: 'x-xsrf-token',
+    }),
    CoreModule,
    EditorialisationModule,
    UserModule,

--- a/src/app/user/interceptors/auth-interceptor.ts
+++ b/src/app/user/interceptors/auth-interceptor.ts
-import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent } from '@angular/common/http';
-import { Injectable } from '@angular/core';
-import { Observable } from 'rxjs';
-
-@Injectable()
-export class AuthInterceptor implements HttpInterceptor {
-
-  intercept(
-    req: HttpRequest<any>,
-    next: HttpHandler,
-  ): Observable<HttpEvent<any>> {
-    const xsrfToken = localStorage.getItem('xsrfToken');
-    let request = req;
-
-    // && req.url.includes('https://data-intothesky.alpha.grandlyon.com/authentication/api/logout'
-    if (xsrfToken) {
-      request = req.clone({
-        headers: req.headers.set('x-xsrf-token', xsrfToken),
-      });
-    }
-    return next.handle(request);
-  }
-}
--- a/src/app/user/user.module.ts
+++ b/src/app/user/user.module.ts
@@ -4,8 +4,6 @@ import { UserRoutingModule } from './user-routing.module';
 import { UserServices } from './services';
 import { UserComponents } from './components';
 import { FormsModule, ReactiveFormsModule } from '@angular/forms';
-import { HTTP_INTERCEPTORS } from '@angular/common/http';
-import { AuthInterceptor } from './interceptors/auth-interceptor';
 import { UserGuards } from './guards';
 import { SharedModule } from '../shared/shared.module';

@@ -20,11 +18,6 @@ import { SharedModule } from '../shared/shared.module';
  providers: [
    ...UserGuards,
    ...UserServices,
-    {
-      provide: HTTP_INTERCEPTORS,
-      useClass: AuthInterceptor,
-      multi: true,
-    },
  ],
  declarations: [...UserComponents],
 })