如何将CSRF令牌添加到angular 2应用程序 [英] How to add csrf token to angular 2 application

问题描述

由于在angular2和spring应用程序之间维护了用户会话，我已在java后端（在 SecurityConfig.java 文件中）中启用了CSRF。但是当帖子提交被触发时，我还没有看到任何CSRF令牌绑定到POST请求。

I have enabled the CSRF in the java back-end (in SecurityConfig.java file) due to maintain user sessions between the angular2 and spring app. but when the post submission fired, I haven't seen any CSRF token binded to the POST request.

如何将 CSRF 令牌添加到我的 angular2 应用中。
（添加到发布请求中）

How would be possible way to add the CSRF token to my angular2 app. (add to the post request )

loginService.ts

loginService.ts

  userLogin(loginDTO){
    let headers = new Headers({ 'Content-Type': 'application/json' });
    let options = new RequestOptions({ headers: headers });

    var result = this._http.post(this._rest_service_login, JSON.stringify(loginDTO),options)
        .map(res => res.json());
    return result;
}

推荐答案

您应该看看 Angular2开发人员指南。您可以使用提供程序来实施一项策略（或使用现有策略）。

You should have a look at the developer guide of Angular2. You can implement a strategy (or use an existing one) by using providers.

@NgModule({
 (...) 
    providers: 
    [
        { provide: XSRFStrategy, useValue: new CookieXSRFStrategy('myCookieName', 'My-Header-Name')},
    ]
}) 
export class AppModule { }

RC.4

RC.4

bootstrap(
    AppComponent,
    [
        { provide: XSRFStrategy, useValue: new CookieXSRFStrategy('myCookieName', 'My-Header-Name')},
    ]
);

您还可以通过使用以下提供程序为应用程序实现自定义策略{提供：XSRFStrategy，useClass：MyXSRFStrategy} 。

You can also implement a custom strategy for your application by using the following provider { provide: XSRFStrategy, useClass: MyXSRFStrategy}.

这篇关于如何将CSRF令牌添加到angular 2应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！