Cookies concent notice

This site uses cookies from Google to deliver its services and to analyze traffic.
Learn more
Skip to main content
This site is no longer updated.Head to Angular.devHome
/

This is the archived documentation for Angular v17. Please visit angular.dev to see this page for the current version of Angular.

HttpClientXsrfModule

Configures XSRF protection support for outgoing requests.

See more...

      
      class HttpClientXsrfModule {
  static disable(): ModuleWithProviders<HttpClientXsrfModule>
  static withOptions(options: { cookieName?: string; headerName?: string; } = {}): ModuleWithProviders<HttpClientXsrfModule>
}
    

Description

For a server that supports a cookie-based XSRF protection system, use directly to configure XSRF protection with the correct cookie and header names.

If no names are supplied, the default cookie name is XSRF-TOKEN and the default header name is X-XSRF-TOKEN.

Static methods

Disable the default XSRF protection.

      
      static disable(): ModuleWithProviders<HttpClientXsrfModule>
    
Parameters

There are no parameters.

Returns

ModuleWithProviders<HttpClientXsrfModule>

Configure XSRF protection.

      
      static withOptions(options: { cookieName?: string; headerName?: string; } = {}): ModuleWithProviders<HttpClientXsrfModule>
    
Parameters
options object

An object that can specify either or both cookie name or header name.

  • Cookie name default is XSRF-TOKEN.
  • Header name default is X-XSRF-TOKEN.

Optional. Default is {}.

Returns

ModuleWithProviders<HttpClientXsrfModule>

Providers

Provider
      
      HttpXsrfInterceptor
    
      
      { provide: HTTP_INTERCEPTORS, useExisting: HttpXsrfInterceptor, multi: true }
    
      
      { provide: HttpXsrfTokenExtractor, useClass: HttpXsrfCookieExtractor }
    
      
      withXsrfConfiguration({
    cookieName: XSRF_DEFAULT_COOKIE_NAME,
    headerName: XSRF_DEFAULT_HEADER_NAME
}).ɵproviders
    
      
      { provide: XSRF_ENABLED, useValue: true }