angular/packages
Alan Agius 0276479e7d fix(http): prevent XSRF token leakage to protocol-relative URLs
The XSRF interceptor previously failed to detect protocol-relative URLs (starting with `//`) as absolute URLs. This allowed requests to such URLs to include the XSRF token, potentially leaking it to external domains.

This change updates the interceptor to correctly identify protocol-relative URLs as absolute and exclude them from receiving the XSRF token.
2025-11-25 13:54:57 -05:00
..
animations build: format md files 2025-11-06 10:10:22 -08:00
benchpress build: format md files 2025-11-06 10:10:22 -08:00
common fix(http): prevent XSRF token leakage to protocol-relative URLs 2025-11-25 13:54:57 -05:00
compiler Revert "fix(compiler): support one additional level of nesting in :host()" 2025-11-13 15:44:25 -08:00
compiler-cli build: format md files 2025-11-06 10:10:22 -08:00
core Revert "refactor(core): let the profiler handle asymmetric events leniently" 2025-11-17 18:10:40 +00:00
docs/di build: format md files 2025-11-06 10:10:22 -08:00
elements refactor(core): mark VERSION as @__PURE__ for better tree-shaking 2025-11-10 12:04:08 -08:00
examples build: format md files 2025-11-06 10:10:22 -08:00
forms refactor(core): mark VERSION as @__PURE__ for better tree-shaking 2025-11-10 12:04:08 -08:00
language-service build: format md files 2025-11-06 10:10:22 -08:00
localize build: format md files 2025-11-06 10:10:22 -08:00
misc/angular-in-memory-web-api build: format md files 2025-11-06 10:10:22 -08:00
platform-browser refactor(core): mark VERSION as @__PURE__ for better tree-shaking 2025-11-10 12:04:08 -08:00
platform-browser-dynamic refactor(core): mark VERSION as @__PURE__ for better tree-shaking 2025-11-10 12:04:08 -08:00
platform-server refactor(core): mark VERSION as @__PURE__ for better tree-shaking 2025-11-10 12:04:08 -08:00
private/testing build: rename defaults2.bzl to defaults.bzl (#63384) 2025-08-25 15:45:46 -07:00
router docs: adds guide references to router APIs 2025-11-13 18:00:23 +00:00
service-worker Revert "feat(service-worker): notify clients about version failures (#62718)" 2025-11-11 12:48:48 -08:00
ssr/docs build: rename defaults2.bzl to defaults.bzl (#63384) 2025-08-25 15:45:46 -07:00
upgrade refactor(core): mark VERSION as @__PURE__ for better tree-shaking 2025-11-10 12:04:08 -08:00
zone.js build: format md files 2025-11-06 10:10:22 -08:00
BUILD.bazel build: rename defaults2.bzl to defaults.bzl (#63384) 2025-08-25 15:45:46 -07:00
circular-deps-test.conf.js docs(docs-infra): lift circular imports (#63186) 2025-08-19 07:58:47 +00:00
empty.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
goog.d.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
license-banner.txt docs: update website URL in license banners (#64183) 2025-10-02 07:56:59 -07:00
package.json build: prepare for compiler-cli to be using ts_project (#61181) 2025-05-09 15:59:46 +00:00
README.md build: format md files 2025-11-06 10:10:22 -08:00
system.d.ts refactor: update packages/core:{core,src} to ts_project (#61275) 2025-05-14 12:01:51 +00:00
tsconfig-build.json build: migrate to using new jasmine_test (#62131) 2025-06-19 10:06:27 +02:00
tsconfig-legacy-saucelabs.json feat(core): support TypeScript 5.5 (#56096) 2024-05-29 15:33:33 +02:00
tsconfig-test.json
tsconfig.json refactor: use zone.js from npm instead of packages/zone.js throughout repo (#61977) 2025-06-10 12:02:03 -07:00
tsec-exemption.json
types.d.ts build: move private testing helpers outside platform-browser/testing (#61472) 2025-05-20 10:00:43 +00:00

Angular

The sources for this package are in the main Angular repo. Please file issues and pull requests against that repo.

Usage information and reference details can be found in Angular documentation.

License: MIT