angular, django and csrf
from http://docs.angularjs.org/api/ng.$http , it says we should set default headers to include the token, so i am following it.
my code goes something like this
-
If you use AngularJS 1.1.3 or newer you can use
xsrfHeaderNameandxsrfCookieName:var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']). config(['$routeProvider', function($routeProvider, $httpProvider, $cookies){ $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken'; $httpProvider.defaults.xsrfCookieName = 'csrftoken'; ...See $location in 1.1.3 the documentation.
讨论(0) -
You can only use the
$httpProviderin the config-method. But the problem is that you cannot use$cookiesin the config-method. There only$cookiesProvideris supported. That is described (a bit) in the Module Loading & Dependencies section.What you can do is set the headers at runtime as suggested in the angularjs.org docs
So to make your example work, you can do the following:
var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']). config(['$routeProvider', function($routeProvider){ $routeProvider. when('/', { templateUrl: '/partials/home.html', controller: HomeCtrl }). when('/game/:gameId/shortlist/create',{ templateUrl: '/partials/create-shortlist.html', controller: CreateShortlistCtrl }). otherwise({redirectTo: '/'}); }]); myapp.run(function($rootScope, $http, $cookies){ // set the CSRF token here $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken; $http.get('/api/get-current-user').success(function(data){ $rootScope.current_user = data; $rootScope.current_team = $rootScope.current_user.team; }); $http.get('/api/get-current-season').success(function(data){ $rootScope.current_season = data; }); });And don't forget to include the
angular-cookies.jsfile in your html-file!讨论(0) -
Here is a small lib that could make this more simple https://github.com/pasupulaphani/angular-csrf-cross-domain
讨论(0)
加载中...
- 热议问题