x-xsrf-token

Safari 11 X-XSRF-TOKEN not updated after refresh

我是研究僧i 提交于 2019-12-21 04:41:05
问题 Recently Safari 11 was released on Mac OSX. This update causes problem with our webapplication in combination with XSRF on the header of our reuest. I will try to describe the problem in a logic way. This is how a good situation would look like: When a user wants to log in, he receives a response from the server with a Set-Cookie that contains the value of the XSRF token. Eg: Set-Cookie: XSRF-TOKEN=LKNBX4DZhL708KjXNkgXnlxTDCNuhsZG1kTc2SFy498; Path=/; Secure The page refreshes The next call

Angular 6 does not add X-XSRF-TOKEN header to http request

有些话、适合烂在心里 提交于 2019-12-17 18:18:54
问题 I've read the docs and all the related questions on SO, but still Angular's XSRF mechanism isn't working for me: in no way I can make a POST request with the X-XSRF-TOKEN header appended automatically. I have an Angular 6 app with a login form. It's part of a Symfony (PHP 7.1) website, and the Angular app page, when served from Symfony, sends the correct Cookie ( XSRF-TOKEN ): My app.module.ts includes the right modules: // other imports... import {HttpClientModule, HttpClientXsrfModule} from

Antiforgery token in a distributed SPA application

假如想象 提交于 2019-12-13 09:12:22
问题 I am working on a distributed high availability single-page-application which gets served from a cluster of docker nodes. Occasionally a node will die (for perfectly valid reasons, so that is not the issue). All the clients get then seamlessly rerouted to one of the other nodes. Unfortunately, all of their XSRF tokens are then invalid, as they were stored in memory in the client. The question is, thus, how can we distribute storage of the current XSRF token(s) in a *nix based setup? 回答1: To

AntiForgery Token implementation in Angular 2 and Web Api using Aps.Net Core

≯℡__Kan透↙ 提交于 2019-12-12 18:17:01
问题 I have separate frontend project in Angular 2 without using MVC and backend project is Web Api (Asp.Net Core) both are hosted on different domain. I implemented AntiForgery token functionality but it is not working. Frontend project (UI)- http://localhost:8080/ Backend project (Web Api) - http://localhost:4823/ I am able to receive and send XSRF-Token cookie in every request but api gives 400 Bad Request error. I followed this link- Angular2 ASP.NET Core AntiForgeryToken Startup.cs - public

Angular 5 unable to get XSRF token from HttpXsrfTokenExtractor

北战南征 提交于 2019-12-12 07:36:19
问题 I am trying to make a POST request via an absolute URL to a Spring (Basic authentication) secured Rest API. Having read that Angular omits inserting the X-XSRF-TOKEN into the request header automatically for absolute urls, I tried to implement an HttpInterceptor to add the token in. In my original /signin POST request, I create the necessary authorization: Basic header to ensure Spring authenticates the request. The response header returned contains the expected set-cookie token: Set-Cookie

Issue in adding Xsrf-Token in an Angular 6

我怕爱的太早我们不能终老 提交于 2019-12-07 19:19:43
问题 Posting data from the form submit via API was successful. But after adding X-CSRF-TOKEN to the header and setting withCredentials: true resulted data were not posted to the script named insert.php Error: Failed to load http://localhost/simple_api/insert.php: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost

Issue in adding Xsrf-Token in an Angular 6

主宰稳场 提交于 2019-12-06 00:17:03
Posting data from the form submit via API was successful. But after adding X-CSRF-TOKEN to the header and setting withCredentials: true resulted data were not posted to the script named insert.php Error: Failed to load http://localhost/simple_api/insert.php : Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin ' http://localhost:4200 ' is therefore not allowed access. The credentials mode of requests initiated by the

Safari 11 X-XSRF-TOKEN not updated after refresh

二次信任 提交于 2019-12-03 13:27:22
Recently Safari 11 was released on Mac OSX. This update causes problem with our webapplication in combination with XSRF on the header of our reuest. I will try to describe the problem in a logic way. This is how a good situation would look like: When a user wants to log in, he receives a response from the server with a Set-Cookie that contains the value of the XSRF token. Eg: Set-Cookie: XSRF-TOKEN=LKNBX4DZhL708KjXNkgXnlxTDCNuhsZG1kTc2SFy498; Path=/; Secure The page refreshes The next call that will be executed contains that correct XSRF value in the header. On the server side the value is

Angular 6 does not add X-XSRF-TOKEN header to http request

自作多情 提交于 2019-11-28 08:29:59
I've read the docs and all the related questions on SO, but still Angular's XSRF mechanism isn't working for me: in no way I can make a POST request with the X-XSRF-TOKEN header appended automatically. I have an Angular 6 app with a login form. It's part of a Symfony (PHP 7.1) website, and the Angular app page, when served from Symfony, sends the correct Cookie ( XSRF-TOKEN ): My app.module.ts includes the right modules: // other imports... import {HttpClientModule, HttpClientXsrfModule} from "@angular/common/http"; // ... @NgModule({ declarations: [ // ... ], imports: [ NgbModule.forRoot(),

angular4 httpclient csrf does not send x-xsrf-token

萝らか妹 提交于 2019-11-27 12:26:23
In angular documentation, it is mentioned that the angular httpclient will automatically send the value of cookie XSRF-TOKEN in the header X-XSRF-TOKEN of post request. Documentation link But it does not send the header for me. Here is my code Nodejs code to set the cookie router.get('/set-csrf',function(req,res,next){ res.setHeader('Set-Cookie', "XSRF-TOKEN=abc;Path=/; HttpOnly; SameSite=Strict"); res.send(); }) I have used the httpclient in app.module.ts imports: [ HttpClientModule ] ** The above code is just for debug purpose. I do not have a set-csrf endpoint. But it does not send any
订阅 x-xsrf-token