Aquent | DEV6

AngularJS with Spring Security and CSRF Token

Written by: Chad Upton

I was recently working on an AngularJS application with Spring Security. We needed to implement Cross Site Request Forgery protection.
For more about this type of attack, take a look at the explanation from the Open Web Application Security Project (OWASP).

By default, AngularJS provides a mechanism to implement Cross Site Request Forgery protection; however, this mechanism works with cookies only. Since Spring Security works by setting a token as an HTTP parameter, the out-of-the-box solution AngularJS provides wouldn’t work. There are several posted discussions about how to implement CSRF protection with Spring Security within single-page applications. While reading these solutions, I discovered a simple AngularJS interceptor that did the trick.

As mentioned in the documentation, the spring-security-csrf-token-interceptor works by making an HTTP HEAD call to receive the X-CSRF-TOKEN header. It then stores this token and sends it out with every HTTP request.
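The flow described above, as an added example in plain JavaScript shaped like an AngularJS `$http` interceptor; it is not the source of spring-security-csrf-token-interceptor or code from the author. The injected `fetchTokenHeaders` transport, the `makeStubServer` stand-in, the token values, and the choice to drop the cached token after a 403 response are assumptions made for the illustration.

```javascript
const CSRF_HEADER = 'X-CSRF-TOKEN';
// fetchTokenHeaders is a hypothetical injected transport: it performs the HEAD
// call and returns the response headers as a plain object.
function createCsrfInterceptor(fetchTokenHeaders) {
  let token = null; // cached after the first HEAD call
  function loadToken() {
    const headers = fetchTokenHeaders();
    // HTTP header names are case-insensitive, so match without regard to case.
    const name = Object.keys(headers)
      .find((h) => h.toLowerCase() === CSRF_HEADER.toLowerCase());
    if (!name || !headers[name]) {
      throw new Error('HEAD response carried no ' + CSRF_HEADER + ' header');
    }
    token = headers[name];
  }
  return {
    // Runs before each outgoing request: attach the stored token.
    request(config) {
      if (token === null) loadToken();
      config.headers = Object.assign({}, config.headers, { [CSRF_HEADER]: token });
      return config;
    },
    // Assumption: a 403 may mean the token went stale (for example after a new
    // session), so drop it and let the next request fetch a fresh one.
    responseError(rejection) {
      if (rejection.status === 403) token = null;
      throw rejection;
    },
  };
}

// Constructed stand-in for the server: issues a new token on every HEAD call.
function makeStubServer() {
  let issued = 0;
  return {
    head: () => ({ 'x-csrf-token': 'constructed-token-' + (++issued) }),
    headCalls: () => issued,
  };
}

function demo() {
  const server = makeStubServer();
  const interceptor = createCsrfInterceptor(server.head);
  const send = (method) =>
    interceptor.request({ method, url: '/api/orders' }).headers[CSRF_HEADER];
  const sent = [send('POST'), send('GET')]; // one HEAD call serves both requests
  try { interceptor.responseError({ status: 403 }); } catch (e) { /* rejection propagates */ }
  sent.push(send('POST')); // token was dropped, so a second HEAD call happens
  return { sent, headCalls: server.headCalls() };
}
```

In a real AngularJS application, an object with the same `request` and `responseError` hooks would be registered through `$httpProvider.interceptors`, with `$q.reject(rejection)` returned in place of the `throw`.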

Problem Solved!
