Add a setting for CSRF Header name
|Reported by:||Owned by:||Grzegorz Ślusarek|
|Severity:||Normal||Keywords:||csrf, header, angularjs|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
CSRF includes a few customizations in settings:
but neglects allowing the user to set the Header name used by the server.
It would be very helpful to have this setting to use with AngularJS. While AngularJS allows overriding the cookie and header name, it would be better for my workflow (and I'm sure others) to set this on the server side and then AngularJS's CSRF functionality will "just work".
Details on the AngularJS CSRF workings:
http://docs.angularjs.org/api/ng.$http § Cross Site Request Forgery (XSRF) Protection
Change History (17)
comment:12 Changed 22 months ago by
|Owner:||changed from nobody to Grzegorz Ślusarek|
|Patch needs improvement:||unset|
|Status:||new → assigned|