◐ Shell
reader mode source ↗
Skip to main content
menu
menuAPI
  • arrow_back API Reference
    • Overview
    • @angular/animations
    • @angular/animations/browser
    • @angular/animations/browser/testing
    • @angular/aria/accordion
    • @angular/aria/combobox
    • @angular/aria/grid
    • @angular/aria/listbox
    • @angular/aria/menu
    • @angular/aria/tabs
    • @angular/aria/toolbar
    • @angular/aria/tree
    • @angular/cdk/drag-drop
    • @angular/cdk/testing
    • @angular/cdk/testing/protractor
    • @angular/cdk/testing/selenium-webdriver
    • @angular/cdk/testing/testbed
    • @angular/common
    • @angular/common/http
    • @angular/common/http/testing
    • @angular/common/testing
    • @angular/common/upgrade
    • @angular/core
    • @angular/core/rxjs-interop
    • @angular/core/testing
    • @angular/elements
    • @angular/forms
    • @angular/forms/signals
    • @angular/forms/signals/compat
    • @angular/localize
    • @angular/localize/init
    • @angular/platform-browser
    • @angular/platform-browser-dynamic
    • @angular/platform-browser-dynamic/testing
    • @angular/platform-browser/animations
    • @angular/platform-browser/animations/async
    • @angular/platform-browser/testing
    • @angular/platform-server
    • @angular/platform-server/testing
    • @angular/router
    • @angular/router/testing
    • @angular/router/upgrade
    • @angular/service-worker
    • @angular/ssr
    • @angular/ssr/node
    • @angular/upgrade
    • @angular/upgrade/static
    • @angular/upgrade/static/testing
    • window.ng globals
@angular/common/http

HttpClientXsrfModule

NgModule
deprecated

Configures XSRF protection support for outgoing requests.

Deprecation warning

Use withXsrfConfiguration({cookieName: 'XSRF-TOKEN', headerName: 'X-XSRF-TOKEN'}) as providers instead or withNoXsrfProtection if you want to disabled XSRF protection.

API

    
      class HttpClientXsrfModule {  static disable(): ModuleWithProviders<HttpClientXsrfModule>;  static withOptions(options?: { cookieName?: string | undefined; headerName?: string | undefined; }): ModuleWithProviders<HttpClientXsrfModule>;}

withOptions

ModuleWithProviders<HttpClientXsrfModule>

Configure XSRF protection.

@paramoptions{ cookieName?: string | undefined; headerName?: string | undefined; }

An object that can specify either or both cookie name or header name.

  • Cookie name default is XSRF-TOKEN.
  • Header name default is X-XSRF-TOKEN.
@returnsModuleWithProviders<HttpClientXsrfModule>

Description

Configures XSRF protection support for outgoing requests.

For a server that supports a cookie-based XSRF protection system, use directly to configure XSRF protection with the correct cookie and header names.

If no names are supplied, the default cookie name is XSRF-TOKEN and the default header name is X-XSRF-TOKEN.

Jump to details