我有 Angular 13 應用程式和使用 ruby?? on rails 的后端。根據 Angular 檔案https://angular.io/api/common/http/HttpClientXsrfModule#description,我應該能夠簡單地使用 HttpClientXsrfModule 進行 XSRF 保護。它有 cookieName 和 headerName 的可選設定。問題是在我的情況下沒有 CSRF cookie,令牌存盤在頁眉 META 標記中。這就是為什么我認為不可能像檔案所說的那樣使用 HttpClientXsrfModule 。
相反,我將實作一個自定義攔截器,但是我不知道如何在 Angular 自定義攔截器中獲取 META 標記值。https://angular.io/guide/http#intercepting-requests-and-responses
請建議我如何在 Angular 攔截器中獲取頁眉 META 標記值:
import { Injectable } from '@angular/core';
import {
HttpEvent, HttpInterceptor, HttpHandler, HttpRequest
} from '@angular/common/http';
import { Observable } from 'rxjs';
@Injectable()
export class NoopInterceptor implements HttpInterceptor {
intercept(req: HttpRequest<any>, next: HttpHandler):
Observable<HttpEvent<any>> {
req = req.clone({
setHeaders: { 'X-CSRF-TOKEN': ...how to get it... }
});
return next.handle(req);
}
}
uj5u.com熱心網友回復:
Angular 提供了元服務,我們可以使用它來檢索元元素。
import { Meta } from '@angular/platform-browser';
import { Injectable } from '@angular/core';
import {
HttpEvent, HttpInterceptor, HttpHandler, HttpRequest
} from '@angular/common/http';
import { Observable } from 'rxjs';
@Injectable()
export class NoopInterceptor implements HttpInterceptor {
constructor(private meta:Meta){
console.log(this.meta.getTag('name="csrf-token"').content);
}
intercept(req: HttpRequest<any>, next: HttpHandler):
Observable<HttpEvent<any>> {
req = req.clone({
setHeaders: { 'X-CSRF-TOKEN': this.meta.getTag('name="csrf-token"').content }
});
return next.handle(req);
}
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/qianduan/380428.html