Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New HTTP package has no XSRF support #18100

Closed
mprobst opened this issue Jul 13, 2017 · 1 comment
Closed

New HTTP package has no XSRF support #18100

mprobst opened this issue Jul 13, 2017 · 1 comment
Assignees
@alxhub
Labels
area: common/http feature Issue that requests a new feature security Issues that generally impact framework or application security

Comments

@mprobst
Copy link
Contributor

mprobst commented Jul 13, 2017
edited by IgorMinar

The new common/http package does not support XSRF out of the box.

Current behavior

Doesn't handle XSRF out of the box :-(

Expected behavior

Like the previous package - when the server sets a cookie called XSRF-TOKEN, the client should send back an X-XSRF-TOKEN header with its value on every request.
@mprobst mprobst added regression Indicates than the issue relates to something that worked in a previous version area: common/http labels Jul 13, 2017
@IgorMinar IgorMinar added security Issues that generally impact framework or application security feature Issue that requests a new feature and removed regression Indicates than the issue relates to something that worked in a previous version labels Jul 13, 2017
alxhub added a commit to alxhub/angular that referenced this issue Jul 13, 2017
@alxhub
feat(common): on-by-default XSRF support in HttpClient
65a508c 
Fixes angular#18100
alxhub added a commit to alxhub/angular that referenced this issue Jul 13, 2017
@alxhub
feat(common): on-by-default XSRF support in HttpClient
495169d 
Fixes angular#18100
alxhub added a commit to alxhub/angular that referenced this issue Jul 13, 2017
@alxhub
feat(common): on-by-default XSRF support in HttpClient
cfa68aa 
Fixes angular#18100
asnowwolf pushed a commit to asnowwolf/angular that referenced this issue Aug 11, 2017
@alxhub
feat(common): on-by-default XSRF support in HttpClient (angular#18108)
37f9721 
Fixes angular#18100
juleskremer pushed a commit to juleskremer/angular that referenced this issue Aug 26, 2017
@alxhub @juleskremer
feat(common): on-by-default XSRF support in HttpClient (angular#18108)
4210b0d 
Fixes angular#18100
juleskremer pushed a commit to juleskremer/angular that referenced this issue Aug 28, 2017
@alxhub @juleskremer
feat(common): on-by-default XSRF support in HttpClient (angular#18108)
6fa0fda 
Fixes angular#18100
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Sep 12, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@alxhub alxhub

Labels
area: common/http feature Issue that requests a new feature security Issues that generally impact framework or application security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mprobst @IgorMinar @alxhub