Aspnetcore.docs: Update antiforgery topic for Angular

Created on 20 Mar 2018 · 12Comments · Source: dotnet/AspNetCore.Docs

https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery
aspnetcore/security/anti-request-forgery.md

The topic contains AngularJS instructions and an AngularJS sample. If nothing changed between Angular and AngularJS, then it might be possible to "rebrand" the Angular section from "AngularJS" to "AngularJS/Angular." Otherwise, the topic should have both Angular and AngularJS instructions and samples.

Since the sample is 1.0, I'll mark it for Q2.

Source

guardrex

All 12 comments

@guardrex The current document only mentions Angularjs 1x solution to send XSRF token to .net core API. We can add the example for Angular 2 (Using Http module) or Angular4+ (using HttpClient module ) to send the token in the request header as the process is little different for Angular and Angularjs. Can I submit a PR for this with sample code for Angular2 and Angular4+?

Niladri24dutta on 19 Aug 2018

_Yes, you definitely can with our thanks._ I defer to @scottaddie tho to work with you on this. I know enough about Angular for an Angular dev to punch me in the face when discussing it. 👊 :boy: 🚑 lol

guardrex on 19 Aug 2018

👍1

@Niladri24dutta We'd love to see a PR from you. If you're able, I recommend including only a solution that works for Angular 6, as that's the latest stable version.

scottaddie on 20 Aug 2018

@scottaddie and @guardrex ok I will submit a solution with Angular 6 only.

Niladri24dutta on 21 Aug 2018

👍1

Sounds great. @scottaddie is unavailable for a short time, but he'll be back on soon to pick up the discussion and look at your upcoming PR.

guardrex on 21 Aug 2018

👍1

Looking forward to your PR, @Niladri24dutta! Thank you for helping out.

scottaddie on 22 Aug 2018

@Niladri24dutta any chance you could PR this?

Rick-Anderson on 5 Jan 2019

Looks like https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-2.2#angularjs fixes this.

Rick-Anderson on 5 Jan 2019

@Rick-Anderson yes I think it's covered now by that change . And for the Angular(2x) related configuration to include XSRF token it's already described in the official angular documentation. It's will be better to not include it here again.

Niladri24dutta on 5 Jan 2019

@Rick-Anderson BTW Angular(2x) does not include the XSRF token by default , we need to import a particular module for that. Let me know if this information needs to be added here.

Niladri24dutta on 5 Jan 2019

@Niladri24dutta Do you know how it works with the latest version of Angular (v7)? That's the behavior that should be documented.

scottaddie on 8 Jan 2019

@scottaddie we need to import HttpClientXsrfModule in the root module and set the custom cookie/header name there. Else it won't send the headers. Also it's only applicable for the api's which uses relative path. If we are using absolute path for the api's then we need to implement our custom Http interceptor to set the headers.

Niladri24dutta on 9 Jan 2019

Was this page helpful?

0 / 5 - 0 ratings