Skip to content

Commit b4265e0

Browse files
Hacklonevsavkin
authored andcommitted
fix(xsrf): overwrite already set xsrf header
1 parent 178fb79 commit b4265e0

2 files changed

Lines changed: 3 additions & 3 deletions

File tree

modules/@angular/http/src/backends/xhr_backend.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -187,7 +187,7 @@ export class CookieXSRFStrategy implements XSRFStrategy {
187187

188188
configureRequest(req: Request) {
189189
let xsrfToken = __platform_browser_private__.getDOM().getCookie(this._cookieName);
190-
if (xsrfToken && !req.headers.has(this._headerName)) {
190+
if (xsrfToken) {
191191
req.headers.set(this._headerName, xsrfToken);
192192
}
193193
}

modules/@angular/http/test/backends/xhr_backend_spec.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -124,11 +124,11 @@ export function main() {
124124
backend.createConnection(sampleRequest);
125125
expect(sampleRequest.headers.get('X-XSRF-TOKEN')).toBe('magic XSRF value');
126126
});
127-
it('respects existing headers', () => {
127+
it('should allow overwriting of existing headers', () => {
128128
getDOM().setCookie('XSRF-TOKEN', 'magic XSRF value');
129129
sampleRequest.headers.set('X-XSRF-TOKEN', 'already set');
130130
backend.createConnection(sampleRequest);
131-
expect(sampleRequest.headers.get('X-XSRF-TOKEN')).toBe('already set');
131+
expect(sampleRequest.headers.get('X-XSRF-TOKEN')).toBe('magic XSRF value');
132132
});
133133

134134
describe('configuration', () => {

0 commit comments

Comments
 (0)