Nativescript-angular: Missing documentation: getting/sending CSRF tokens via http requests

Created on 16 Jun 2016 · 7 Comments · Source: NativeScript/nativescript-angular

Hi,

I have been looking for hours for documentation about getting/sending CSRF tokens, mainly for posting HTTP requests, but I cannot find anything.
This is my first mobile app (so my first try with NativeScript) and it is based on a Django API which requires a CSRF token for security reasons. So far I keep getting this error: "CSRF Failed: CSRF token missing or incorrect".

I have found documentation about this issue for Angular 2.0 webapps and all nativescript competitors (Ionic, ReactNative, etc...) but nothing for Nativescript mobile apps built with Angular 2.0.

So basically I have no idea how to get CSRF token value in order to send it afterward within my http post requests. Maybe I'm missing something obvious...

Thanks for your help!

All 7 comments

I had a hard time finding this to implement it with angular2. I'm not sure if this is what you need but it might help you. Here is my code:

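    // POST auth_token and company_id as a form-encoded body, then hand the JSON reply to the app.
    loadModules(authToken, selectedCompany) {
        // URL-encode the values so characters such as '&' or '=' cannot break the form body.
        const body = "auth_token=" + encodeURIComponent(authToken) +
            "&company_id=" + encodeURIComponent(selectedCompany);
        let headers = new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' });
        let options = new RequestOptions({ headers: headers });
        return this.http.post(this.apiMethod, body, options)
            .map(res => res.json())
            .subscribe(
                data => this.connectionEstablished(JSON.parse(data)),
                err => this.handleErrors(err)
            );
    }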

Basically what it does is an HTTP POST request with 2 parameters, auth_token and company_id, and then receives JSON to use in the app.

In order to use it and call the post method of http, you have to import:
import {Http, Response, RequestOptions, Headers} from '@angular/http';

I'm not an expert but let me know if it worked for you and if you have any questions, perhaps I could help you.

@eleddie Thanks for your reply but this is not what I'm looking for. I am not trying to send CSRF token in my post request (well, I will do that eventually), but I am trying to get the CSRF token.
My API is a Django backend so I know a first GET request will make Django create a cookie with the CSRF token value, which I am supposed to get and send back in my further POST requests.
The issue here is how to access this cookie from the NativeScript frontend mobile app, or more generally how to get this CSRF token value from my Angular 2.0 mobile app.

@eleddie Ok thanks. I'll try to find some doc about it on Django side.

@sebastiendan any progress?

Closing due to inactivity

I can't find documentation either, about cookies in general. I've understood there is no cookie store on mobile, but I think they are just header variables we should have access to.
On an Angular webapp, I receive from HTTP calls a response header 'Set-Cookie: XSRF-TOKEN=xxxxxxxx'. But on the mobile app, I don't receive a 'Set-Cookie' header and I get a 403 "Invalid CSRF Token".
So what do I need to add in my NativeScript project to handle cookies?
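
The flow described in the comments above (read the token from the `Set-Cookie` of a first GET, send it back on later POSTs), as an added example that is not code from this thread or from NativeScript. It assumes the app can read the raw `Set-Cookie` value(s) of the response; the function names are hypothetical, the sample header is constructed, and Django's default names `csrftoken` and `X-CSRFToken` are used as defaults.

```typescript
// Added example. splitSetCookie, extractCookie and csrfPostHeaders are hypothetical helpers.
type HeaderValue = string | string[] | null | undefined;

// Constructed sample: two cookies joined into one header value, as some HTTP stacks do.
const sampleSetCookie =
  "csrftoken=CONSTRUCTEDtoken123; expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/; SameSite=Lax, " +
  "sessionid=CONSTRUCTEDsession; HttpOnly; Path=/";

function splitSetCookie(raw: HeaderValue): string[] {
  if (!raw) return [];
  const lines = Array.isArray(raw) ? raw : [raw];
  const cookies: string[] = [];
  for (const line of lines) {
    // Split only on a comma that is followed by "name=", so the comma
    // inside "expires=Wed, 21 Oct ..." does not cut a cookie in half.
    for (const part of line.split(/,\s*(?=[^;,=\s]+=)/)) {
      if (part.trim() !== "") cookies.push(part.trim());
    }
  }
  return cookies;
}

function extractCookie(raw: HeaderValue, name: string): string | null {
  for (const cookie of splitSetCookie(raw)) {
    const pair = cookie.split(";")[0]; // "name=value" comes before the attributes
    const eq = pair.indexOf("=");
    if (eq > 0 && pair.slice(0, eq).trim() === name) {
      return pair.slice(eq + 1).trim();
    }
  }
  return null;
}

// Assumed Django defaults: cookie "csrftoken", request header "X-CSRFToken".
function csrfPostHeaders(
  raw: HeaderValue,
  cookieName: string = "csrftoken",
  headerName: string = "X-CSRFToken"
): { [key: string]: string } {
  const token = extractCookie(raw, cookieName);
  if (token === null) {
    throw new Error("no " + cookieName + " cookie in the response headers");
  }
  // The server compares the header with the cookie, so both are sent back.
  return { Cookie: cookieName + "=" + token, [headerName]: token };
}
```

The returned object can be merged into the headers of the next POST; for a backend that issues `XSRF-TOKEN` instead, pass that cookie name and the header name the backend expects.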

@NickIliev I can't believe no answer is given to this issue. This is really an important problem...
