How does Angular handle XSS or CSRF?

闹比i 2020-12-08 07:45

How does Angular (2) handle XSS and CSRF? Does it even handle these attacks? If so, what do I have to do to use this protection? If not, do I have to handle all these attac

3 answers
  •  萌比男神i
    2020-12-08 08:05

    For the mentioned server side in Angular, you might handle CSRF using Express:

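    // express.csrf() is the Express 3.x built-in middleware; it stores its token in the session
    app.use(express.csrf());
    app.use(function (req, res, next) {
      // Expose the session's CSRF token in a cookie that the Angular client can read
      res.cookie('XSRF-TOKEN', req.session._csrf);
      res.locals.csrftoken = req.session._csrf;
      next();
    });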
    

    Not sure if it's still required with the new HttpClientXsrfModule, though. It might be enough to add only the following on the client side in app.module (but this needs to be confirmed):

    HttpClientXsrfModule.withOptions({
      cookieName: 'XSRF-TOKEN',
      headerName: 'X-XSRF-TOKEN'
    })
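
Added example, not part of the answer above and not Angular's or Express's own code: the server-side check that pairs with the `XSRF-TOKEN` cookie and `X-XSRF-TOKEN` header named in the answer, written with Node's `crypto` module only. The session object shape (`xsrfToken`) and the function names are assumptions made for illustration, and the sample requests are constructed.

```javascript
// Server-side half of the XSRF-TOKEN / X-XSRF-TOKEN exchange (added example).
const crypto = require('node:crypto');

const COOKIE_NAME = 'XSRF-TOKEN';   // cookieName from the answer
const HEADER_NAME = 'x-xsrf-token'; // headerName from the answer; Node lower-cases header names
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Create a per-session random token (session object shape is an assumption).
function newSession() {
  return { xsrfToken: crypto.randomBytes(32).toString('hex') };
}

// Set-Cookie value for the token. It must NOT be HttpOnly, because Angular
// reads it from document.cookie to build the request header.
function xsrfCookie(session) {
  return `${COOKIE_NAME}=${session.xsrfToken}; Path=/; Secure; SameSite=Lax`;
}

// Constant-time string comparison; a length mismatch is rejected first.
function safeEqual(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Accept safe methods; for state-changing ones require the header to carry
// the session's token. A cross-site form post sends the cookie automatically
// but cannot set this header, so it is rejected here.
function verifyXsrf(req, session) {
  if (SAFE_METHODS.has(req.method)) return true;
  const sent = req.headers[HEADER_NAME];
  if (typeof sent !== 'string' || !session || !session.xsrfToken) return false;
  return safeEqual(sent, session.xsrfToken);
}

// Constructed sample requests (not captured traffic).
function demo() {
  const session = newSession();
  const cookie = `${COOKIE_NAME}=${session.xsrfToken}`;
  return {
    angularPost: verifyXsrf({ method: 'POST', headers: { cookie, [HEADER_NAME]: session.xsrfToken } }, session),
    forgedPost: verifyXsrf({ method: 'POST', headers: { cookie } }, session),
    wrongToken: verifyXsrf({ method: 'PUT', headers: { cookie, [HEADER_NAME]: 'f'.repeat(64) } }, session),
    plainGet: verifyXsrf({ method: 'GET', headers: {} }, session),
  };
}
```

Angular's HttpClient only attaches the header to mutating requests sent to relative URLs, so the API has to be reached same-origin for `angularPost` to be the case that occurs in practice.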
    
