docs: change interceptor documentation (#30969)

PR Close #30969
This commit is contained in:
Schlemmer 2019-06-11 09:43:06 +02:00 committed by Andrew Kushnir
parent 98515e1ecf
commit 036294d566
1 changed files with 1 additions and 1 deletions

View File

@ -900,7 +900,7 @@ by returning an observable of simulated events.
[Cross-Site Request Forgery (XSRF)](https://en.wikipedia.org/wiki/Cross-site_request_forgery) is an attack technique by which the attacker can trick an authenticated user into unknowingly executing actions on your website. `HttpClient` supports a [common mechanism](https://en.wikipedia.org/wiki/Cross-site_request_forgery#Cookie-to-Header_Token) used to prevent XSRF attacks. When performing HTTP requests, an interceptor reads a token from a cookie, by default `XSRF-TOKEN`, and sets it as an HTTP header, `X-XSRF-TOKEN`. Since only code that runs on your domain could read the cookie, the backend can be certain that the HTTP request came from your client application and not an attacker.
By default, an interceptor sends this cookie on all mutating requests (POST, etc.)
By default, an interceptor sends this header on all mutating requests (POST, etc.)
to relative URLs but not on GET/HEAD requests or
on requests with an absolute URL.