AngularJS无法找到XSRF-TOKEN Cookie [英] AngularJS can't find XSRF-TOKEN cookie
问题描述
我在ASP.NET MVC4 + Web API项目中使用angular 1.0.4.我试图利用angular的CSRF保护无济于事.我可以看到我传递了一个名为XSRF-TOKEN的cookie,但是当angular尝试在响应中将值添加为名为X-XSRF-TOKEN的标头时,该值显示为未定义.我尝试在此处的建议下进行操作,但是HTML尚未呈现,因此找不到元素.
I'm using angular 1.0.4 with an ASP.NET MVC4 + Web API project. I'm trying to leverage angular's CSRF protection to no avail. I can see that I'm passing along a cookie named XSRF-TOKEN, but when angular tries to add the value as a header named X-XSRF-TOKEN in the response, the value appears as undefined. I tried following the advice here, but the HTML has yet to render, so no element is found.
我可能会缺少什么?由ASP.NET MVC生成的RequestVerificationToken cookie是否受到保护,无法进行JavaScript访问?
What might I be missing? Is the RequestVerificationToken cookie generated by ASP.NET MVC protected from javascript access?
还可以让角度懒惰地检索cookie或表单输入值吗?如果是这样,怎么办?我找不到有关如何执行此操作的任何文档.
Also, is it possible to have angular lazily retrieve either the cookie or form input value? If so, how? I cannot find any docs on how to do this.
推荐答案
我找不到我的问题的确切答案.我最终创建了一个服务来查找"input [name ="__ RequestVerificationToken"]",获取其值,然后返回具有该值的对象.然后,我使用该对象在配置中设置标题.这样,我就可以懒惰地提取值并将其附加为不会立即显示在页面上的表单的标题.
I could not find an exact answer to my question. I ended up creating a service to find the 'input[name="__RequestVerificationToken"]', get its value, and return an object with that value. I then set the headers in the config using that object. This lets me lazily extract and append the value as a header for a form that doesn't appear immediately on the page.
我还进一步了解到,ASP.NET的AntiForgeryToken支持需要cookie和表单输入/标头值来进行验证,因此内置的AngularJS支持仍然无法满足要求.
I also realized, upon further review, that ASP.NET's AntiForgeryToken support requires both the cookie and form input/header value to validate, so the built-in AngularJS support wouldn't suffice anyway.
如果有人有更好的解决方案,我会很乐意将答案转移到该解决方案上.
If anyone has a better solution, I will happily transfer the answer to that solution.
这篇关于AngularJS无法找到XSRF-TOKEN Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
