Skip to content
/ spring-security-csrf-token-interceptor Public
forked from aditzel/spring-security-csrf-token-interceptor

An AngularJS interceptor that sets the Spring Security CSRF token information in all HTTP requests if it's able to find it in a response header on application startup.

License

View license
4 stars 26 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

karthilxg/spring-security-csrf-token-interceptor

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
dist
dist
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.jshintrc
.jshintrc
 
 
Gruntfile.js
Gruntfile.js
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bower.json
bower.json
 
 
package.json
package.json
 
 

Repository files navigation

spring-security-csrf-token-interceptor-extended

An AngularJS interceptor that will include the CSRF token header in HTTP requests.

It does this by doing an AJAX HTTP HEAD call to / by default, and then retrieves the HTTP header 'X-CSRF-TOKEN' and sets this same token on all HTTP requests.

spring-security-csrf-token-interceptor-extended also supports configuring the CSRF header name, number of retries allowed in-case of Forbidden errors, restrict adding the CSRF tokens to some HTTP types etc.

This package is actually forked from aditzel to continuing the support for latest versions.

Installing

Via Bower

$ bower install spring-security-csrf-token-interceptor-extended

Via NPM

$ npm install spring-security-csrf-token-interceptor-extended

Usage

Include this as a dependency on your application:

angular.module('myApp', ['spring-security-csrf-token-interceptor']);

Use the configProvider to customize the interceptor behavior. Check Configuration section for more details.

 csrfProvider.config({});

Configuration

The following options are available for configuring the interceptor,

Note: All these below configurations are optional.

  • options (Object) - Options to customize the CSRF interceptor behavior.

  • options.url (String) - The URL to which the initial CSRF request has to be made to get the CSRF token. Default: \.

  • options.csrfHttpType (String) - The HTTP method type which should be used while requesting the CSRF token call. Default: head.

  • options.maxRetries (Number) - The number of retries allowed for CSRF token call in-case of 403 Forbidden response errors. Default: 5.

  • options.csrfTokenHeader (Array) - Set this option to add the CSRF headers only to some HTTP requests. Default: ['GET', 'HEAD', 'PUT', 'POST', 'DELETE'].

  • options.csrfTokenHeader (String) - Customize the name of the CSRF header on the requests. Default: X-CSRF-TOKEN.

Example

    angular
        .module('myApp', [
            'spring-security-csrf-token-interceptor'
        ])
        .config(function(csrfProvider) {
            // optional configurations
            csrfProvider.config({
                url: '/login',
                maxRetries: 3,
                csrfHttpType: 'get',
                csrfTokenHeader: 'X-CSRF-XXX-TOKEN',
                httpTypes: ['PUT', 'POST', 'DELETE'] //CSRF token will be added only to these method types 
            });
        }).run(function() {
    });

About

An AngularJS interceptor that sets the Spring Security CSRF token information in all HTTP requests if it's able to find it in a response header on application startup.

Resources

Readme

License

View license
Activity

Stars

4 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 2

New bower package spring-security-csrf-token-interceptor-extended Latest
Oct 26, 2015
+ 1 release

Packages

No packages published

Languages

  • JavaScript 100.0%