Instantly share code, notes, and snippets.

Embed
What would you like to do?
ANGULARJS - Django CSRF Token header setup
var myApp = angular.module('myApp').config(function($httpProvider) {
$httpProvider.defaults.headers.post['X-CSRFToken'] = $('input[name=csrfmiddlewaretoken]').val();
});
@skyl

This comment has been minimized.

Show comment
Hide comment
@skyl

skyl Apr 21, 2013

awesome, thanks.

skyl commented Apr 21, 2013

awesome, thanks.

@mbarchein

This comment has been minimized.

Show comment
Hide comment
@mbarchein

mbarchein commented Jun 21, 2013

Great

@sansb

This comment has been minimized.

Show comment
Hide comment
@sansb

sansb Aug 16, 2013

Thank ye

sansb commented Aug 16, 2013

Thank ye

@gorillamania

This comment has been minimized.

Show comment
Hide comment
@gorillamania

gorillamania Feb 27, 2014

Very good idea, saved me time. 1 answer @changetip

gorillamania commented Feb 27, 2014

Very good idea, saved me time. 1 answer @changetip

@c3chandu

This comment has been minimized.

Show comment
Hide comment
@c3chandu

c3chandu Mar 7, 2014

Good one. place the "X-CSRFToken" in common headers for better usage.
$httpProvider.defaults.headers.common['X-CSRFToken'] = $('input[name=csrfmiddlewaretoken]').val();

c3chandu commented Mar 7, 2014

Good one. place the "X-CSRFToken" in common headers for better usage.
$httpProvider.defaults.headers.common['X-CSRFToken'] = $('input[name=csrfmiddlewaretoken]').val();

@adrihein

This comment has been minimized.

Show comment
Hide comment
@adrihein

adrihein Apr 25, 2014

Perfect, thanks.

adrihein commented Apr 25, 2014

Perfect, thanks.

@CalebMuhia

This comment has been minimized.

Show comment
Hide comment
@CalebMuhia

CalebMuhia Jul 25, 2014

you can also have this in a http interceptor, and get the csrftoken from the cookies, like so

config.headers['X-CSRFToken'] = $cookies.csrftoken

CalebMuhia commented Jul 25, 2014

you can also have this in a http interceptor, and get the csrftoken from the cookies, like so

config.headers['X-CSRFToken'] = $cookies.csrftoken

@jedrichards

This comment has been minimized.

Show comment
Hide comment
@jedrichards

jedrichards Sep 16, 2014

@CalebMuhia isn't the whole point of a CSRF token that it isn't stored in a cookie?

jedrichards commented Sep 16, 2014

@CalebMuhia isn't the whole point of a CSRF token that it isn't stored in a cookie?

@ailling

This comment has been minimized.

Show comment
Hide comment
@ailling

ailling Oct 14, 2014

@jedrichards No. In fact, django always stores the csrf token in a cookie: https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/#ajax

And the docs recommend getting the value from the cookie for all javascript code (as opposed to obtaining it from the DOM).

ailling commented Oct 14, 2014

@jedrichards No. In fact, django always stores the csrf token in a cookie: https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/#ajax

And the docs recommend getting the value from the cookie for all javascript code (as opposed to obtaining it from the DOM).

@karllindmark

This comment has been minimized.

Show comment
Hide comment
@karllindmark

karllindmark commented Dec 28, 2014

@ailling: Good point!

@pasupulaphani

This comment has been minimized.

Show comment
Hide comment
@pasupulaphani

pasupulaphani May 1, 2015

Just put together a small lib just to make easy to use. Similar concept. https://github.com/pasupulaphani/angular-csrf-cross-domain

pasupulaphani commented May 1, 2015

Just put together a small lib just to make easy to use. Similar concept. https://github.com/pasupulaphani/angular-csrf-cross-domain

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment