AngularJS找不到XSRF-TOKEN饼干 [英] AngularJS can't find XSRF-TOKEN cookie
问题描述
我使用的角度1.0.4与ASP.NET MVC4 +网络API项目。我试图利用角的CSRF保护无济于事。我可以看到我沿着一个叫XSRF-TOKEN cookie的传球,但是当角度尝试将值添加为名为X-XSRF-TOKEN在响应头,值显示为未定义。我尝试以下的建议这里,但是HTML尚未呈现,所以没有元素被找到。
I'm using angular 1.0.4 with an ASP.NET MVC4 + Web API project. I'm trying to leverage angular's CSRF protection to no avail. I can see that I'm passing along a cookie named XSRF-TOKEN, but when angular tries to add the value as a header named X-XSRF-TOKEN in the response, the value appears as undefined. I tried following the advice here, but the HTML has yet to render, so no element is found.
什么可能我会丢失?由ASP.NET MVC中产生的RequestVerificationToken的cookie保护,使用JavaScript访问?
What might I be missing? Is the RequestVerificationToken cookie generated by ASP.NET MVC protected from javascript access?
此外,是有可能有角懒洋洋地检索无论是饼干或形成的输入值?如果是这样,怎么样?我无法找到如何做到这一点的任何文档。
Also, is it possible to have angular lazily retrieve either the cookie or form input value? If so, how? I cannot find any docs on how to do this.
推荐答案
我找不到一个确切的回答我的问题。我结束了创建服务,找到输入[名称=__ RequestVerificationToken],得到它的价值,并与该值返回一个对象。我然后使用该对象设置的标头中的配置。这让我懒懒地提取和附加价值作为该不会立即出现在页面上的表单的标题。
I could not find an exact answer to my question. I ended up creating a service to find the 'input[name="__RequestVerificationToken"]', get its value, and return an object with that value. I then set the headers in the config using that object. This lets me lazily extract and append the value as a header for a form that doesn't appear immediately on the page.
我也意识到,经进一步审查,该ASP.NET的AntiForgeryToken支持需要的cookie,并形成输入/标头值来验证,所以内置的AngularJS的支持将不会反正足够了。
I also realized, upon further review, that ASP.NET's AntiForgeryToken support requires both the cookie and form input/header value to validate, so the built-in AngularJS support wouldn't suffice anyway.
如果任何人有一个更好的解决方案,我会很高兴的答案传输到解决方案。
If anyone has a better solution, I will happily transfer the answer to that solution.
这篇关于AngularJS找不到XSRF-TOKEN饼干的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
