Not able to get csrftoken in angular 8 whereas it is showing in developer tools in chrome.

223 views
Skip to first unread message

sandhya panchal

unread,
Jun 18, 2020, 5:54:14 AM6/18/20
to Angular and AngularJS discussion
I am trying to access csrftoken sent in response header through Django Rest Framework API to Angular 8 , but unable to do that.The csrf token is visible in developer tools in Chrome.please help me to resolve this issue as i am trying this from 1 week. 



the above snippet shows the csrf token in Set-Cookie section.I want to access this value in angular code so that i can send it in request to call an api.

I have attached  Django Api  settings.py file.

Below is my angular code where i am trying to access the the headers from response.
Login code which is calling django api and in response getting various headers.

login(email: string, password: string) {
  
    this.email = email;
    return this.http.post<any>("http://127.0.0.1:8000/api/Login/", { email, password },{ observe: 'response' })
      .pipe(tap((user) => {
       
        localStorage.setItem('currentUser', JSON.stringify(user));
        console.log(user);
        console.log("csrftoken:" + user.headers.get('csrftoken'));            // tring to access csrf using headers
        this.currentUserSubject.next(user);
        this.data.setLoggedIn(true);
        console.log("cookie data:"+this.Cookie.get('csrftoken'));               //trying to access using cookie
        return user;
        }));
  }

All other headers are accessible except  Set-Cookie:csrftoken   response header. can anybody please help me out here?Any help will be appreciated.







settings.py

bastien lemaire

unread,
Jun 18, 2020, 7:37:28 AM6/18/20
to ang...@googlegroups.com
Hi

I think the issue is something to do with the "HttpOnly" flag:
image.png
Your cookie is locked to the http layer.
Hope this helps

Bastien Lemaire


--
You received this message because you are subscribed to the Google Groups "Angular and AngularJS discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to angular+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/angular/a449e596-ac4b-4177-be9c-eb7a30d03214o%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages