使用Django CSRF保护使用angular2 http请求的正确方法是什么? [英] What is the right way to use angular2 http requests with Django CSRF protection?
问题描述
在Angular1中,可以通过配置$ http-provider来解决问题。喜欢:
In Angular1 the problem can be solved by configuring $http-provider. Like:
app.config(function($httpProvider) {
$httpProvider.defaults.xsrfCookieName = 'csrftoken';
$httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';
});
在Angular2中做同样的做法是什么?
What is a good practice to do the same in Angular2?
在Angular2中使用http请求,我们需要使用类Http。当然,这不是一个很好的做法,在每个函数调用后添加CSRF行。
In Angular2 to work with http requests we need to use class Http. Of course that's not a good practice to add CSRF-line to each call of post-function.
我猜在Angular2我应该创建自己的类继承Angular2的Http类和重新定义后功能。这是正确的方法还是有更优雅的方法?
I guess in Angular2 I should create own class that inherits Angular2's Http class and redefine the post-function. Is it the right approach or is there a more elegant method?
推荐答案
Victor K的答案是完全有效的,但从角度2.0。 0-rc.2,首选方法是使用CookieXSRFStrategy,如下所示,
Victor K's answer is perfectly valid however as of angular 2.0.0-rc.2, a preferred approach would be to use CookieXSRFStrategy as below,
bootstrap(AngularApp, [
HTTP_PROVIDERS,
provide(XSRFStrategy, {useValue: new CookieXSRFStrategy('csrftoken', 'X-CSRFToken')})
]);
这篇关于使用Django CSRF保护使用angular2 http请求的正确方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!