Giter Club home page Giter Club logo

Comments (6)

mgonto avatar mgonto commented on May 27, 2024 4

Hey @cerdman,

So Restangular uses $http inside as the low level HTTP request handler. Therefore, if you use angular-jwt, the JWT will be sent on every request made by Restangular as well.

If you want the JWT to just be sent on some requests but not all of them (Like the usages for your withConfig), then you'd have to send the JWT manually instead of with these project. You could use Restangular.setDefaultHeaders to send it.

Does this help?

Thanks!

from angular-jwt.

simonepri avatar simonepri commented on May 27, 2024 4

Sorry if i'm updating an old issue.
@mgonto
I have not been able to make "angular-jwt" work with the jwtInterceptor as you suggested:

$httpProvider.interceptors.push('jwtInterceptor');

Regular $http requests have the 'Authorization' header correctly setted, but this is not true for the ones made by Restangular. (Maybe Restangular reset the request headers with its own defaults)
But i've figured out that Restangular provides its own interceptor, so i was able to set the 'Authorization' header manually by using this snippet:

RestangularProvider.setFullRequestInterceptor(function(element, operation, route, url, headers, params, httpConfig) {
  var jwt = $window.localStorage.getItem('jwt');
  if(jwt && !angular.isString(headers.Authorization)) {
    headers.Authorization = 'Bearer ' + jwt;
  }
  return {
    element: element,
    params: params,
    headers: headers,
    httpConfig: httpConfig
  };
});

It's not an elegant solution, but it works.
Hope it may be helpful for someone.

from angular-jwt.

AndrewJHart avatar AndrewJHart commented on May 27, 2024 3

Can confirm that Restangular is not respecting the http interceptor(s) as mentioned by @simonepri - Does anyone know why? I would be happy to contribute a fix if that sounds good.

Thanks,

from angular-jwt.

KidA001 avatar KidA001 commented on May 27, 2024

@mgonto - Thank you, this was helpful. Switching over to JWT myself and using restangular.

from angular-jwt.

bampakoa avatar bampakoa commented on May 27, 2024

I can also confirm that is not working in 0.1.9 version.

from angular-jwt.

wolfen351 avatar wolfen351 commented on May 27, 2024

I think this could be abused to harvest Jwt tokens - if you can convince restangular to call to another domain, it will happily send the token without checking the whitelist - I think there must be a way to call the jwtInterceptor manually within this call

from angular-jwt.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.