Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
feat(security): Automatic XSRF handling. #8898
What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
Does this PR introduce a breaking change?
Automatically recognize XSRF protection cookies, and set a corresponding XSRF
Part of #8511.
However, this might need more doc, or links to https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) for instance ? The problem is straightforward, but it's not obvious how Angular having this automatic header addition from cookie values helps, and what should a developer do with this to prevent issues.