XSRF 标头未在 AngularJS 中设置 [英] XSRF headers not being set in AngularJS
问题描述
我正在开发一个 DJANGO + AngularJS 应用程序,其中角度部分不是由 django 提供的.
I'm developing a DJANGO + AngularJS application, where the angular part is not being served by django.
我设置的角度 $httpProvider
如下:
I set the angular $httpProvider
as follows:
myApp = angular.module('myApp', [])
myApp.config(['$httpProvider',
function(provider){
provider.defaults.xsrfCookieName = 'csrftoken';
provider.defaults.xsrfHeaderName = 'X-CSRFToken';
}
然后,在执行任何 POST 之前,我执行了一个设置 cookie 的 GET.我可以通过 Chrome 确认设置了 cookie:
Then, before doing any POST, I do a GET which sets the cookie. I can confirm through Chrome that the cookie is set:
set-cookie:csrftoken=hg88ZZFEdLPnwDdN1eiNquA8YzTySdQO; expires=Tue, 19-Aug-2014 12:26:35 GMT; Max-Age=31449600; Path=/
(在 Chrome 开发者工具中的 resources/cookies/localhost 中可见)
(it's visible in resources/cookies/localhost in the Chrome developer tools)
但是,当我执行 POST 时,没有设置 X-CSRFToken
标头
However when I do a POST, no X-CSRFToken
header is being set
这是 Chrome 记录的 POST:
this is the POST as recorded by Chrome:
POST /data/activities/search HTTP/1.1
Host: localhost:14080
Connection: keep-alive
Content-Length: 2
Accept: application/json, text/plain, */*
Origin: http://localhost:14080
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: http://localhost:14080/public/html/main.html?codekitCB=398694184.799418
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: csrftoken=hg88ZZFEdLPnwDdN1eiNquA8YzTySdQO
为什么没有设置标题?我还需要做什么来激活此功能?
Why is no header being set? What else should I do to activate this functionality?
(旁注:如果我在 $http() 调用中手动传递标头,POST 请求工作正常..因此问题实际上是 AngularJS 未设置标头)
(side note: if I manually pass the header in the $http() call, the POST request works fine.. therefore the problem is really the header not being set by AngularJS)
推荐答案
非常简单的答案:它仅从 1.2.0 版开始可用,该版本目前是候选发布版.
very simple answer: it's only available from version 1.2.0, which is at the moment a release candidate.
这篇关于XSRF 标头未在 AngularJS 中设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!