Options
All
  • Public
  • Public/Protected
  • All
Menu

Interface XSRFOptions

Provides optional overrides for XSRF cookie and header names. Can be passed to {@link module:data/utils.withXSRF withXSRF} when wrapping a fetch operation.

example
import { fetch } from '~/path/to/datalayer';

export const safeFetch = data.utils.withXSRF(fetch, {
  cookie: 'XSRF-MY-APP',
  header: 'X-XSRF-MY-APP',
  hosts: ['*.my-app.com']
});

Hierarchy

  • XSRFOptions

Index

Properties

Properties

Optional cookie

cookie?: string

The name of the cookie sent by the server that has the user's XSRF token value.

default

'XSRF-TOKEN'

Optional header

header?: string

The name of the request header to set. The server should ensure this value matches the user's expected XSRF token.

default

'x-xsrf-token'

Optional hosts

hosts?: string[]

A whitelist of patterns used to determine which host names the XSRF token will be sent to even when making a cross-origin request. For example, a site running on www.server.com would not normally include the XSRF token header on any requests to the api.server.com subdomain since the hostnames don't exactly match. However, if you added api.server.com or *.server.com to the hosts array (and if the port and protocol both still matched the origin's port and protocol), the header would be sent.