angular, django and csrf
If you use AngularJS 1.1.3 or newer you can use xsrfHeaderName
and xsrfCookieName
:
var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']). config(['$routeProvider', function($routeProvider, $httpProvider, $cookies){ $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken'; $httpProvider.defaults.xsrfCookieName = 'csrftoken'; ...
See $location in 1.1.3 the documentation.
You can only use the $httpProvider
in the config-method. But the problem is that you cannot use $cookies
in the config-method. There only $cookiesProvider
is supported.That is described (a bit) in the Module Loading & Dependencies section.
What you can do is set the headers at runtime as suggested in the angularjs.org docs
So to make your example work, you can do the following:
var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']). config(['$routeProvider', function($routeProvider){ $routeProvider. when('/', { templateUrl: '/partials/home.html', controller: HomeCtrl }). when('/game/:gameId/shortlist/create',{ templateUrl: '/partials/create-shortlist.html', controller: CreateShortlistCtrl }). otherwise({redirectTo: '/'}); }]);myapp.run(function($rootScope, $http, $cookies){ // set the CSRF token here $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken; $http.get('/api/get-current-user').success(function(data){ $rootScope.current_user = data; $rootScope.current_team = $rootScope.current_user.team; }); $http.get('/api/get-current-season').success(function(data){ $rootScope.current_season = data; });});
And don't forget to include the angular-cookies.js
file in your html-file!
Here is a small lib that could make this more simple https://github.com/pasupulaphani/angular-csrf-cross-domain