Angular 4 - setting withCredentials on every request - cors cookie

angular http cookies oauth-2.0 cross-domain
28,448

You can use an HttpInterceptor.

@Injectable()
export class CustomInterceptor implements HttpInterceptor {

    constructor() {
    }

    intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {

        request = request.clone({
            withCredentials: true
        });

        return next.handle(request);
    }
}

Next you have to provide it:

@NgModule({
  bootstrap: [AppComponent],
  imports: [...],
  providers: [
    {
      provide: HTTP_INTERCEPTORS,
      useClass: CustomInterceptor ,
      multi: true
    }
  ]
})
export class AppModule {}

Source and full explanation

Share:
28,448
exilonX
Author by

exilonX

Updated on October 16, 2020

Comments

  • exilonX
    exilonX over 3 years

    My angular client is separated from the backend and I have enabled cors on the backend, everything works fine except the fact that my authentication fails because the cookie is not added to requests.

    After searching online I found that I should set {withCredentials : true} on every http request. I managed to do it on a single request and it works, but not on all the requests.

    I tried using BrowserXhr How to send "Cookie" in request header for all the requests in Angular2? but it doesn't work and it's also deprecated afaik.

    I also tried RequestOptions but it didn't work.

    What can I do to set {withCredentials: true} on every http request?

    Later Edit:

    @Injectable()
export class ConfigInterceptor implements HttpInterceptor {

  constructor(private csrfService: CSRFService) {

  }

  intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
    let token = this.csrfService.getCSRF() as string;
    const credentialsReq = req.clone({withCredentials : true, setHeaders: { "X-XSRF-TOKEN": token } });
    return next.handle(credentialsReq);
  }
}
  • Quentin
    Quentin over 6 years
    Please avoid link only answers. Answers that are "barely more than a link to an external site” may be deleted.
  • Venomy
    Venomy over 6 years
    @Quentin Apologies, I updated my answer with code examples.
  • Thomas Wana
    Thomas Wana over 6 years
    Note that this only works if you're doing requests with @angular/common/http, not with @angular/http.
  • MGDavies
    MGDavies about 6 years
    This only appears to work for get requests, any advice on post and put?
  • Venomy
    Venomy about 6 years
    @MGDavies The HttpInterceptor is not limited to GET requests and should also work for POST and PUT.
  • Phil
    Phil almost 6 years
    @ThomasWana Do you know how I could add that functionality with @angular/http?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Setting cookies for multiple sub-domains
Cookies disappear after redirect
How to create cross-domain request?
Angular HttpClient post not working
sub-domain cookies, sent in a parent domain request?
What can cause a cookie not to be set on the client?
HTTP Post oAuth 2 "Check the `grant_type` parameter"
How can I add multiple headers in Flutter GET Api request
How to POST in Flutter with cookie or session?
Angular 2 - Cancelling a subscription after a timeout