I have an Angular 9 frontend + Java Spring Boot 2 backend application. I use JWT access tokens in cookies to authenticate my users and so I need XSRF cookies to protect against XSRF attacks. Currently I perform a GET call to my server when my Angular application is loaded for the first time, which will generate an XSRF cookie which then gets stored on the client. All works fine until…
Things break when I logout because I clear all cookies at that point. The first (non-GET) call to the server API will fail because the XSRF token is missing, but the second call will work because the first call retrieved a new XSRF token despite failing.
I figured it would be a good idea to implement an HTTP interceptor that checks every request to the server for the presence of the XSRF cookie. If not present, I'll make a GET call to the server just for the XSRF cookie and then continue with the request. To prevent that GET call from being intercepted recursively I added an extra if check to let the GET call pass, like this:
    import { Injectable } from '@angular/core';
    import { HttpEvent, HttpHandler, HttpInterceptor, HttpRequest } from '@angular/common/http';
    import { Observable } from 'rxjs';
    import { map, switchMap } from 'rxjs/operators';
    import { CookieService } from 'ngx-cookie-service'; // assumed cookie library; check() is its API
    import { AuthService } from './auth.service';

    @Injectable()
    export class CsrfInterceptor implements HttpInterceptor {
        constructor(private authService: AuthService, private cookieService: CookieService) {}

        intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
            if (this.csrfTokenNotPresent() && !this.isCsrfTokenRequest(request)) {
                // Fetch the XSRF cookie first and only then continue with the original request.
                // Returning from inside a subscribe() callback would not return anything from intercept().
                return this.authService.getCsrfToken().pipe(
                    switchMap(() => next.handle(request))
                );
            }
            if (this.csrfTokenNotPresent() && this.isCsrfTokenRequest(request)) {
                return next.handle(request).pipe(
                    map((event: HttpEvent<any>) => {
                        // TODO map XSRF token from response to ongoing request
                        return event;
                    })
                );
            }
            return next.handle(request);
        }

        private csrfTokenNotPresent(): boolean {
            return !this.cookieService.check('XSRF-TOKEN');
        }

        private isCsrfTokenRequest(request: HttpRequest<any>): boolean {
            return request.url != null && request.url === '/api/auth/csrf';
        }
    }
- The first if block starts a new GET request and waits for that to finish.
- The second if block will catch that request, let the call get to the server and should add the XSRF cookie from the response to the request in the TODO placeholder.
- The first if block should now continue and the request now contains the XSRF cookie.
I'm not entirely sure this will work. Can I add cookies to an ongoing HTTP request? If so, how do I map the cookies from the HttpResponse to the request? I'm also open to other approaches to solve my problem.
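The following is an added, framework-free model of the interceptor logic described in the question (it is not Angular code and not the asker's code; the request/response types, `CookieJar` and `fakeServer` are constructed for the example). It shows the two things the sketch above needs: waiting for the token GET to finish before forwarding the original request (with concurrent requests sharing one fetch), and echoing the `XSRF-TOKEN` cookie into an `X-XSRF-TOKEN` header, which is the actual check a double-submit server performs and what Angular's `HttpClientXsrfModule` does automatically for relative URLs when the cookie is readable by script.

```typescript
// Constructed, framework-free model of the interceptor; not Angular's HttpInterceptor API.
type Req = { method: string; url: string; headers: Record<string, string> };
type Res = { status: number; setCookie?: Record<string, string> };
type Handler = (req: Req) => Promise<Res>;

const XSRF_COOKIE = 'XSRF-TOKEN';    // cookie name used by Spring's CookieCsrfTokenRepository
const XSRF_HEADER = 'X-XSRF-TOKEN';  // header the server compares against that cookie
const CSRF_URL = '/api/auth/csrf';   // endpoint from the question that only issues the cookie
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

class CookieJar {
  private store: Record<string, string> = {};
  get(name: string): string | undefined { return this.store[name]; }
  setAll(cookies: Record<string, string>): void { Object.assign(this.store, cookies); }
  clear(): void { this.store = {}; } // what logout does in the question
}

class XsrfInterceptor {
  private pending: Promise<void> | null = null; // shared by concurrent callers: one fetch, not N
  private jar: CookieJar;
  private next: Handler;
  constructor(jar: CookieJar, next: Handler) { this.jar = jar; this.next = next; }

  async handle(req: Req): Promise<Res> {
    const safe = SAFE_METHODS.includes(req.method);
    // Only state-changing requests need the token; the token request itself must not recurse.
    if (!safe && req.url !== CSRF_URL && !this.jar.get(XSRF_COOKIE)) {
      await this.ensureToken(); // wait for the GET to complete instead of subscribe-and-forget
    }
    const token = this.jar.get(XSRF_COOKIE);
    const headers = token && !safe ? { ...req.headers, [XSRF_HEADER]: token } : req.headers;
    const res = await this.next({ ...req, headers });
    if (res.setCookie) this.jar.setAll(res.setCookie); // models the browser storing Set-Cookie
    return res;
  }

  private ensureToken(): Promise<void> {
    if (!this.pending) {
      this.pending = this.handle({ method: 'GET', url: CSRF_URL, headers: {} }).then(
        () => { this.pending = null; },
        (err) => { this.pending = null; throw err; }); // a failed fetch is retried next time
    }
    return this.pending;
  }
}

// Constructed fake backend: issues one token and enforces the double-submit check on unsafe methods.
function fakeServer(): { next: Handler; tokenFetches: () => number } {
  let fetches = 0;
  const issued = 'constructed-token-1';
  const next: Handler = async (req) => {
    if (req.url === CSRF_URL) { fetches++; return { status: 200, setCookie: { [XSRF_COOKIE]: issued } }; }
    if (SAFE_METHODS.includes(req.method)) return { status: 200 };
    return { status: req.headers[XSRF_HEADER] === issued ? 200 : 403 };
  };
  return { next, tokenFetches: () => fetches };
}
```

Note that the cookie only has to exist for the header to be populated; the server, not the client, decides whether the header and cookie match, so the client never needs to copy anything from a response into an in-flight request.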