After the Authorization request, the server redirects to the "/" application and sends the XSRF-TOKEN and laravel-session to the cookie.

Task: to transmit this Token in 'Params' with each subsequent request, after receiving it from the Cookie

How to do?

There is a cycle, for example:

app.controller('myCtrl', ['$http', '$scope', '$cookies', function($http, $scope, $state, $cookies) { $http({ method:'POST', url:'https://mysite/api/acc_details', params: { 'token': $cookies.csrftoken } })

Tried and ` config: $ http.defaults.headers.post ['X-CSRFToken'] = $ cookies.get ('csrftoken') ,

But in this case, the server will receive a header that it should read. and $ cookies.ge () constantly in the console gives an error that 'get' is not defined.

  • how does angular2 apply here? - Grundy
  • The request goes from the application to Angular to the API to the server (laravel). @Grundy - Ch. Alexey
  • angular and angular2 are completely different things, not particularly related - Grundy
  • There is a cycle, for example: - there is no cycle in the code - Grundy
  • I just asked a question: how to get the token from the cookie? angular2 uses the same mechanisms in this case, only slightly modified. - Ch. Alexey

1 answer 1

For ANgular 2.0+: https://angular.io/docs/ts/latest/guide/security.html Add to the bootstrap module:

 { provide: XSRFStrategy, useValue: new CookieXSRFStrategy('myCookieName', 'My-Header-Name')}
  • Can you explain in more detail on an example how to use the proposed solution? - Max