Awesome Open Source
Awesome Open Source


An AngularJS interceptor that will include the CSRF token header in HTTP requests.

It does this by doing an AJAX HTTP HEAD call to / by default, and then retrieves the HTTP header 'X-CSRF-TOKEN' and sets this same token on all HTTP requests.

spring-security-csrf-token-interceptor also supports configuring the CSRF header name, number of retries allowed in-case of Forbidden errors, restrict adding the CSRF tokens to some HTTP types etc.

#Installing ###Via Bower

$ bower install spring-security-csrf-token-interceptor

###Via NPM

$ npm install spring-security-csrf-token-interceptor

#Usage Include this as a dependency on your application:

angular.module('myApp', ['spring-security-csrf-token-interceptor']);

Use the configProvider to customize the interceptor behavior. Check Configuration section for more details.


#Configuration The following options are available for configuring the interceptor,

Note: All these below configurations are optional.
  • options (Object) - Options to customize the CSRF interceptor behavior.

  • options.url (String) - The URL to which the initial CSRF request has to be made to get the CSRF token. Default: \.

  • options.csrfHttpType (String) - The HTTP method type which should be used while requesting the CSRF token call. Default: head.

  • options.maxRetries (Number) - The number of retries allowed for CSRF token call in-case of 403 Forbidden response errors. Default: 5.

  • options.csrfTokenHeader (Array) - Set this option to add the CSRF headers only to some HTTP requests. Default: ['GET', 'HEAD', 'PUT', 'POST', 'DELETE'].

  • options.csrfTokenHeader (String) - Customize the name of the CSRF header on the requests. Default: X-CSRF-TOKEN.


        .module('myApp', [
        .config(function(csrfProvider) {
            // optional configurations
                url: '/login',
                maxRetries: 3,
                csrfHttpType: 'get',
                csrfTokenHeader: 'X-CSRF-XXX-TOKEN',
                httpTypes: ['PUT', 'POST', 'DELETE'] //CSRF token will be added only to these method types 
        }).run(function() {
Alternatives To Spring Security Csrf Token Interceptor
Select To Compare

Alternative Project Comparisons
Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Javascript (1,072,919
Http (30,182
Token (29,698
Spring (28,663
Retry (2,679
Http Requests (2,576
Csrf (1,253