mirror of
https://github.com/angular/angular
synced 2026-05-24 09:28:37 +00:00
8fb63dff94
The current configuration of `HttpClientModule` explicitely enables the XSRF configuration, but this XSRF configuration is the one used by default by `provideHttpClient`. See https://github.com/angular/angular/blob/main/packages/common/http/src/provider.ts#L50-L98 PR Close #48957
106 lines
3.1 KiB
TypeScript
106 lines
3.1 KiB
TypeScript
/**
|
|
* @license
|
|
* Copyright Google LLC All Rights Reserved.
|
|
*
|
|
* Use of this source code is governed by an MIT-style license that can be
|
|
* found in the LICENSE file at https://angular.io/license
|
|
*/
|
|
|
|
import {ModuleWithProviders, NgModule} from '@angular/core';
|
|
|
|
import {HTTP_INTERCEPTORS} from './interceptor';
|
|
import {provideHttpClient, withInterceptorsFromDi, withJsonpSupport, withNoXsrfProtection, withXsrfConfiguration} from './provider';
|
|
import {HttpXsrfCookieExtractor, HttpXsrfInterceptor, HttpXsrfTokenExtractor, XSRF_DEFAULT_COOKIE_NAME, XSRF_DEFAULT_HEADER_NAME, XSRF_ENABLED} from './xsrf';
|
|
|
|
/**
|
|
* Configures XSRF protection support for outgoing requests.
|
|
*
|
|
* For a server that supports a cookie-based XSRF protection system,
|
|
* use directly to configure XSRF protection with the correct
|
|
* cookie and header names.
|
|
*
|
|
* If no names are supplied, the default cookie name is `XSRF-TOKEN`
|
|
* and the default header name is `X-XSRF-TOKEN`.
|
|
*
|
|
* @publicApi
|
|
*/
|
|
@NgModule({
|
|
providers: [
|
|
HttpXsrfInterceptor,
|
|
{provide: HTTP_INTERCEPTORS, useExisting: HttpXsrfInterceptor, multi: true},
|
|
{provide: HttpXsrfTokenExtractor, useClass: HttpXsrfCookieExtractor},
|
|
withXsrfConfiguration({
|
|
cookieName: XSRF_DEFAULT_COOKIE_NAME,
|
|
headerName: XSRF_DEFAULT_HEADER_NAME,
|
|
}).ɵproviders,
|
|
{provide: XSRF_ENABLED, useValue: true},
|
|
],
|
|
})
|
|
export class HttpClientXsrfModule {
|
|
/**
|
|
* Disable the default XSRF protection.
|
|
*/
|
|
static disable(): ModuleWithProviders<HttpClientXsrfModule> {
|
|
return {
|
|
ngModule: HttpClientXsrfModule,
|
|
providers: [
|
|
withNoXsrfProtection().ɵproviders,
|
|
],
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Configure XSRF protection.
|
|
* @param options An object that can specify either or both
|
|
* cookie name or header name.
|
|
* - Cookie name default is `XSRF-TOKEN`.
|
|
* - Header name default is `X-XSRF-TOKEN`.
|
|
*
|
|
*/
|
|
static withOptions(options: {
|
|
cookieName?: string,
|
|
headerName?: string,
|
|
} = {}): ModuleWithProviders<HttpClientXsrfModule> {
|
|
return {
|
|
ngModule: HttpClientXsrfModule,
|
|
providers: withXsrfConfiguration(options).ɵproviders,
|
|
};
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Configures the [dependency injector](guide/glossary#injector) for `HttpClient`
|
|
* with supporting services for XSRF. Automatically imported by `HttpClientModule`.
|
|
*
|
|
* You can add interceptors to the chain behind `HttpClient` by binding them to the
|
|
* multiprovider for built-in [DI token](guide/glossary#di-token) `HTTP_INTERCEPTORS`.
|
|
*
|
|
* @publicApi
|
|
*/
|
|
@NgModule({
|
|
/**
|
|
* Configures the [dependency injector](guide/glossary#injector) where it is imported
|
|
* with supporting services for HTTP communications.
|
|
*/
|
|
providers: [
|
|
provideHttpClient(withInterceptorsFromDi()),
|
|
],
|
|
})
|
|
export class HttpClientModule {
|
|
}
|
|
|
|
/**
|
|
* Configures the [dependency injector](guide/glossary#injector) for `HttpClient`
|
|
* with supporting services for JSONP.
|
|
* Without this module, Jsonp requests reach the backend
|
|
* with method JSONP, where they are rejected.
|
|
*
|
|
* @publicApi
|
|
*/
|
|
@NgModule({
|
|
providers: [
|
|
withJsonpSupport().ɵproviders,
|
|
],
|
|
})
|
|
export class HttpClientJsonpModule {
|
|
}
|