The spring-security-csrf-token-interceptor from heidsoft-paas

heidsoft-paas / spring-security-csrf-token-interceptor Goto Github PK

View Code? Open in Web Editor NEW

An AngularJS interceptor that sets the Spring Security CSRF token information in all HTTP requests if it's able to find it in a response header on application startup.

License: Other

JavaScript 100.00%

spring-security-csrf-token-interceptor's Introduction

#spring-security-csrf-token-interceptor

An AngularJS interceptor that will include the CSRF token header in HTTP requests.

It does this by doing an AJAX HTTP HEAD call to / by default, and then retrieves the HTTP header 'X-CSRF-TOKEN' and sets this same token on all HTTP requests.

spring-security-csrf-token-interceptor also supports configuring the CSRF header name, number of retries allowed in-case of Forbidden errors, restrict adding the CSRF tokens to some HTTP types etc.

#Installing ###Via Bower

$ bower install spring-security-csrf-token-interceptor

###Via NPM

$ npm install spring-security-csrf-token-interceptor

#Usage Include this as a dependency on your application:

angular.module('myApp', ['spring-security-csrf-token-interceptor']);

Use the configProvider to customize the interceptor behavior. Check Configuration section for more details.

 csrfProvider.config({});

#Configuration The following options are available for configuring the interceptor,

Note: All these below configurations are optional.

options (Object) - Options to customize the CSRF interceptor behavior.
options.url (String) - The URL to which the initial CSRF request has to be made to get the CSRF token. Default: \.
options.csrfHttpType (String) - The HTTP method type which should be used while requesting the CSRF token call. Default: head.
options.maxRetries (Number) - The number of retries allowed for CSRF token call in-case of 403 Forbidden response errors. Default: 5.
options.csrfTokenHeader (Array) - Set this option to add the CSRF headers only to some HTTP requests. Default: ['GET', 'HEAD', 'PUT', 'POST', 'DELETE'].
options.csrfTokenHeader (String) - Customize the name of the CSRF header on the requests. Default: X-CSRF-TOKEN.

###Example

    angular
        .module('myApp', [
            'spring-security-csrf-token-interceptor'
        ])
        .config(function(csrfProvider) {
            // optional configurations
            csrfProvider.config({
                url: '/login',
                maxRetries: 3,
                csrfHttpType: 'get',
                csrfTokenHeader: 'X-CSRF-XXX-TOKEN',
                httpTypes: ['PUT', 'POST', 'DELETE'] //CSRF token will be added only to these method types 
            });
        }).run(function() {
    });

Recommend Projects