我的登录请求的响应如下所示: -
- 它有Cookie JSESSIONID和XSRF-TOKEN
现在,其他后续请求如下所示 . 我读到默认情况下Angular 2从cookie获取值并附加到每个后续请求的 Headers 但是它不这样做 .
请让我知道我应该怎么做,以便Angular自动和全局地接收它 .
CORS SETUP
res.set('Access-Control-Allow-Origin', req.headers.origin);
res.set('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE,OPTIONS');
res.set('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding');
res.set('Access-Control-Allow-Credentials', true);
1 回答
您正在进行GET请求并期待XSRF令牌
https://angular.io/guide/http#security-xsrf-protection