x-xsrf-token

angular4 httpclient csrf does not send x-xsrf-token

What you are looking for is HttpClientXsrfModule. Please read more about it here: https://angular.io/api/common/http/HttpClientXsrfModule. Your usage should be like this: imports: [ HttpClientModule, HttpClientXsrfModule.withOptions({ cookieName: ‘My-Xsrf-Cookie’, // this is optional headerName: ‘My-Xsrf-Header’ // this is optional }) ] Additionally, if your code targets API via absolute URL, default CSRF interceptor will not work out of … Read more

Angular 6 does not add X-XSRF-TOKEN header to http request

The problem once again is Angular’s poor documentation. The fact is, Angular will add the X-XSRF-TOKEN header only if the XSRF-TOKEN cookie was generated server-side with the following options: Path = / httpOnly = false (this is very important, and fully undocumented) Besides, the Angular app and the URL being called must reside on the … Read more