CORS设置如何与Angular的XSRF保护一起使用?绝对URL只是被忽略,但我也需要XSRF来处理绝对URL.这不应该配置HttpClientXsrfModule.withOptions()吗?这似乎是代码中的疏忽.
具体来说,我在Angular代码中看到了这一点:
https://github.com/angular/angular/blob/master/packages/common/http/src/xsrf.ts#L77-L84
// Skip both non-mutating requests and absolute URLs.
// Non-mutating requests don't require a token, and absolute URLs require special handling
// anyway as the cookie set
// on our origin is not the same as the token expected by another origin.
if (req.method === 'GET' || req.method === 'HEAD' || lcUrl.startsWith('http://') ||
lcUrl.startsWith('https://')) {
return next.handle(req);
}
| 归档时间: |
|
| 查看次数: |
497 次 |
| 最近记录: |