angular, django and csrf

问题:

from http://docs.angularjs.org/api/ng.$http , it says we should set default headers to include the token, so i am following it.

my code goes something like this

var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).     config(['$routeProvider', function($routeProvider, $httpProvider, $cookies){         $routeProvider.             when('/', {                 templateUrl: '/partials/home.html',                 controller: HomeCtrl             }).             when('/game/:gameId/shortlist/create',{                 templateUrl: '/partials/create-shortlist.html',                 controller: CreateShortlistCtrl             }).             otherwise({redirectTo: '/'});     }]);  myapp.run(function($rootScope, $http, $cookies, $httpProvider){     $http.get('/api/get-current-user').success(function(data){         $rootScope.current_user = data;         $rootScope.current_team = $rootScope.current_user.team;     });     $http.get('/api/get-current-season').success(function(data){         $rootScope.current_season = data;     });     $rootScope.csrf_token = $cookies.csrftoken;     console.log($httpProvider.defaults.headers.common);     //$httpProvider.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken; }); 

as you can see, i have applied multiple approaches but am unable to set header with csrf token. the two errors i have encountered are

Uncaught Error: Unknown provider: $httpProviderProvider

what am i doing wrong?

回答1:

If you use AngularJS 1.1.3 or newer you can use xsrfHeaderName and xsrfCookieName:

var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).   config(['$routeProvider', function($routeProvider, $httpProvider, $cookies){     $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';     $httpProvider.defaults.xsrfCookieName = 'csrftoken';     ... 

See $location in 1.1.3 the documentation.

回答2:

You can only use the $httpProvider in the config-method. But the problem is that you cannot use $cookies in the config-method. There only $cookiesProvider is supported. That is described (a bit) in the Module Loading & Dependencies section.

What you can do is set the headers at runtime as suggested in the angularjs.org docs

So to make your example work, you can do the following:

var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).     config(['$routeProvider', function($routeProvider){         $routeProvider.             when('/', {                 templateUrl: '/partials/home.html',                 controller: HomeCtrl             }).             when('/game/:gameId/shortlist/create',{                 templateUrl: '/partials/create-shortlist.html',                 controller: CreateShortlistCtrl             }).             otherwise({redirectTo: '/'});     }]);  myapp.run(function($rootScope, $http, $cookies){     // set the CSRF token here     $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;      $http.get('/api/get-current-user').success(function(data){         $rootScope.current_user = data;         $rootScope.current_team = $rootScope.current_user.team;     });     $http.get('/api/get-current-season').success(function(data){         $rootScope.current_season = data;     }); }); 

And don't forget to include the angular-cookies.js file in your html-file!

回答3:

Here is a small lib that could make this more simple https://github.com/pasupulaphani/angular-csrf-cross-domain

文章来源: angular, django and csrf