angular

mirror of https://github.com/angular/angular synced 2026-05-24 09:28:37 +00:00

History

Alan Agius 40790ef980 fix(http): prevent XSRF token leakage to protocol-relative URLs The XSRF interceptor previously failed to detect protocol-relative URLs (starting with `//`) as absolute URLs. This allowed requests to such URLs to include the XSRF token, potentially leaking it to external domains. This change updates the interceptor to correctly identify protocol-relative URLs as absolute and exclude them from receiving the XSRF token.		2025-11-25 13:47:26 -05:00
..
src	fix(http): prevent XSRF token leakage to protocol-relative URLs	2025-11-25 13:47:26 -05:00
test	fix(http): prevent XSRF token leakage to protocol-relative URLs	2025-11-25 13:47:26 -05:00
testing	build: format md files	2025-11-06 10:03:05 -08:00
BUILD.bazel	build: rename defaults2.bzl to defaults.bzl (#63383 )	2025-08-25 15:45:01 -07:00
index.ts	refactor: update license text to point to angular.dev (#57901 )	2024-09-24 15:33:00 +02:00
PACKAGE.md	build: format md files	2025-11-06 10:03:05 -08:00
public_api.ts	feat(http): Provide http services in root (#56212 )	2025-08-14 13:04:35 +02:00