angular/packages/common/http
Alan Agius 05fe6686a9 fix(http): prevent XSRF token leakage to protocol-relative URLs
The XSRF interceptor previously failed to detect protocol-relative URLs (starting with `//`) as absolute URLs. This allowed requests to such URLs to include the XSRF token, potentially leaking it to external domains.

This change updates the interceptor to correctly identify protocol-relative URLs as absolute and exclude them from receiving the XSRF token.
2025-11-25 13:57:28 -05:00
..
src fix(http): prevent XSRF token leakage to protocol-relative URLs 2025-11-25 13:57:28 -05:00
test fix(http): prevent XSRF token leakage to protocol-relative URLs 2025-11-25 13:57:28 -05:00
testing build: migrate common to use rules_js based toolchain (#61434) 2025-05-20 15:08:43 +00:00
BUILD.bazel build: migrate common to use rules_js based toolchain (#61434) 2025-05-20 15:08:43 +00:00
index.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
PACKAGE.md docs: Update guide link in http package md file (#59955) 2025-04-08 09:20:20 -07:00
public_api.ts feat(common): introduce experimental httpResource (#59876) 2025-02-14 18:40:37 +00:00