Fix to make default headers to be different objects breaks POST,PUT,DELETE #5997
Comments
ghost
assigned 
|
Can you check the actual headers (either in the web inspector - network panel or log them on the server) and compare the diff between 1.2.8 and 1.2.9? |
|
Thats a good point. Basically the request headers are identical, except this: X-CSRFToken:N251mZOjKpxRFHEtC0zlGsIeVTY5g21D Which dont seem to be sent in 1.2.9+, but works fine in 1.2.8 and earlier. To set the X-CSRFToken I do this: Question is why the the copy() command in the commit I mentioned prevents the ['X-CSRFToken'] to be sent? |
|
@JoakimBe, the copying happens before your config function ever runs. I guess we should have realized this could be a breaking change, it might be nice to have a convenience method to set them for all methods. |
|
@caitp , Okey, makes sense. So is it a bug or more of a behavioral change in the angular-lib? The conclusion of that question is, do we need to configure these header settings differently then we have in the past? Or will you create a fix for it in the coming versions? |
|
You need to configure them more heavily... we could write a convenience method to simplify it, but yeah for now you should set the header for each of the things that need it |
|
Ok, it worked like you said. I'am closing this issue. Thank you @caitp |
I updated my angular-lib from an early 1.2 release yesterday to 1.2.10 and all my POST,PUT and DELETE( CORS ) requests failed due to CSRF ( django backend ).
I started to go backwards and found and that the error started to occur between 1.2.8 and 1.2.9. To be specific, the following commit makes my requests fail:
cironunes@7812874
I did a quick test and changed the source-code in 1.2.10 back according to this commit and eveyrthing started working again.
Can anyone confirm this?
Hopefully I manage to get enough time tonight to setup a test-app that shows the problem if debugging needs to be done.
The text was updated successfully, but these errors were encountered: