This site uses cookies from Google to deliver its services and to analyze traffic.
Learn more
Skip to main content
Say hello to Angular's future home!Check out Angular.devHome
/
API > @angular/common > @angular/common/http

HttpClientXsrfModule

Configures XSRF protection support for outgoing requests.

See more...

      
      class HttpClientXsrfModule {
  static disable(): ModuleWithProviders<HttpClientXsrfModule>
  static withOptions(options: { cookieName?: string; headerName?: string; } = {}): ModuleWithProviders<HttpClientXsrfModule>
}

Description

For a server that supports a cookie-based XSRF protection system, use directly to configure XSRF protection with the correct cookie and header names.

If no names are supplied, the default cookie name is XSRF-TOKEN and the default header name is X-XSRF-TOKEN.

Static methods

disable()

Disable the default XSRF protection.

 
      
      static disable(): ModuleWithProviders<HttpClientXsrfModule>
Parameters

There are no parameters.

Returns

ModuleWithProviders<HttpClientXsrfModule>

withOptions()

Configure XSRF protection.

 
      
      static withOptions(options: { cookieName?: string; headerName?: string; } = {}): ModuleWithProviders<HttpClientXsrfModule>
Parameters
options object

An object that can specify either or both cookie name or header name.

  • Cookie name default is XSRF-TOKEN.
  • Header name default is X-XSRF-TOKEN.

Optional. Default is {}.
Returns

ModuleWithProviders<HttpClientXsrfModule>

Providers

Provider 
      
      HttpXsrfInterceptor
    
      
      { provide: HTTP_INTERCEPTORS, useExisting: HttpXsrfInterceptor, multi: true }
    
      
      { provide: HttpXsrfTokenExtractor, useClass: HttpXsrfCookieExtractor }
    
      
      withXsrfConfiguration({
    cookieName: XSRF_DEFAULT_COOKIE_NAME,
    headerName: XSRF_DEFAULT_HEADER_NAME
}).ɵproviders
    
      
      { provide: XSRF_ENABLED, useValue: true }