Build Status Bower version Code Climate Test Coverage


Enable csrf/xsrf protection for cross domain requests in Angular

$http docs : Angular provides a mechanism to counter XSRF. When performing XHR requests, but will not be set for cross-domain requests.

You only need this library: * For cross domain requests and enable angular csrf/xsrf protection.

Getting Started

Install the library through bower. js bower install angular-csrf-cross-domain

Also available with the name angular-xsrf-cross-domain

Add it to your app dependency js angular.module('myModule',['csrf-cross-domain'])

That's it - you are done!


The provider is fully customizable. Below are the methods given by provider.

Default csrf component names: - HTTP default header name: X-XSRF-TOKEN - HTTP default cookie name: XSRF-TOKEN - HTTP default allowed methods: 'GET', 'POST', 'PUT', 'PATCH', 'DELETE'

Django example: (each framework has its own default csrf component naming convention)


  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request


comments powered by Disqus
This page was last updated almost 4 years ago.