spring-security-csrf-token-interceptor

WebJar for spring-security-csrf-token-interceptor

License

License

Apache 2.0
Categories

Categories

Security
GroupId

GroupId

org.webjars.bower
ArtifactId

ArtifactId

spring-security-csrf-token-interceptor
Last Version

Last Version

0.1.5
Release Date

Release Date

Type

Type

jar
Description

Description

spring-security-csrf-token-interceptor
WebJar for spring-security-csrf-token-interceptor
Project URL

Project URL

http://webjars.org
Source Code Management

Source Code Management

https://github.com/aditzel/spring-security-csrf-token-interceptor

Download spring-security-csrf-token-interceptor

How to add to project

<!-- https://jarcasting.com/artifacts/org.webjars.bower/spring-security-csrf-token-interceptor/ -->
<dependency>
    <groupId>org.webjars.bower</groupId>
    <artifactId>spring-security-csrf-token-interceptor</artifactId>
    <version>0.1.5</version>
</dependency>
// https://jarcasting.com/artifacts/org.webjars.bower/spring-security-csrf-token-interceptor/
implementation 'org.webjars.bower:spring-security-csrf-token-interceptor:0.1.5'
// https://jarcasting.com/artifacts/org.webjars.bower/spring-security-csrf-token-interceptor/
implementation ("org.webjars.bower:spring-security-csrf-token-interceptor:0.1.5")
'org.webjars.bower:spring-security-csrf-token-interceptor:jar:0.1.5'
<dependency org="org.webjars.bower" name="spring-security-csrf-token-interceptor" rev="0.1.5">
  <artifact name="spring-security-csrf-token-interceptor" type="jar" />
</dependency>
@Grapes(
@Grab(group='org.webjars.bower', module='spring-security-csrf-token-interceptor', version='0.1.5')
)
libraryDependencies += "org.webjars.bower" % "spring-security-csrf-token-interceptor" % "0.1.5"
[org.webjars.bower/spring-security-csrf-token-interceptor "0.1.5"]

Dependencies

There are no dependencies for this project. It is a standalone project that does not depend on any other jars.

Project Modules

There are no modules declared in this project.

#spring-security-csrf-token-interceptor

An AngularJS interceptor that will include the CSRF token header in HTTP requests.

It does this by doing an AJAX HTTP HEAD call to / by default, and then retrieves the HTTP header 'X-CSRF-TOKEN' and sets this same token on all HTTP requests.

spring-security-csrf-token-interceptor also supports configuring the CSRF header name, number of retries allowed in-case of Forbidden errors, restrict adding the CSRF tokens to some HTTP types etc.

#Installing ###Via Bower

$ bower install spring-security-csrf-token-interceptor

###Via NPM

$ npm install spring-security-csrf-token-interceptor

#Usage Include this as a dependency on your application:

angular.module('myApp', ['spring-security-csrf-token-interceptor']);

Use the configProvider to customize the interceptor behavior. Check Configuration section for more details.

 csrfProvider.config({});

#Configuration The following options are available for configuring the interceptor,

Note: All these below configurations are optional.
  • options (Object) - Options to customize the CSRF interceptor behavior.

  • options.url (String) - The URL to which the initial CSRF request has to be made to get the CSRF token. Default: \.

  • options.csrfHttpType (String) - The HTTP method type which should be used while requesting the CSRF token call. Default: head.

  • options.maxRetries (Number) - The number of retries allowed for CSRF token call in-case of 403 Forbidden response errors. Default: 5.

  • options.csrfTokenHeader (Array) - Set this option to add the CSRF headers only to some HTTP requests. Default: ['GET', 'HEAD', 'PUT', 'POST', 'DELETE'].

  • options.csrfTokenHeader (String) - Customize the name of the CSRF header on the requests. Default: X-CSRF-TOKEN.

###Example

    angular
        .module('myApp', [
            'spring-security-csrf-token-interceptor'
        ])
        .config(function(csrfProvider) {
            // optional configurations
            csrfProvider.config({
                url: '/login',
                maxRetries: 3,
                csrfHttpType: 'get',
                csrfTokenHeader: 'X-CSRF-XXX-TOKEN',
                httpTypes: ['PUT', 'POST', 'DELETE'] //CSRF token will be added only to these method types 
            });
        }).run(function() {
    });

Versions

Version
0.1.5