fix(xsrf): overwrite already set xsrf header

2016-08-19 09:07:48 +02:00 · 2016-08-19 09:07:48 +02:00 · b4265e0685
parent 178fb79b5c
commit b4265e0685
2 changed files with 3 additions and 3 deletions
--- a/modules/@angular/http/src/backends/xhr_backend.ts
+++ b/modules/@angular/http/src/backends/xhr_backend.ts
@ -187,7 +187,7 @@ export class CookieXSRFStrategy implements XSRFStrategy {

  configureRequest(req: Request) {
    let xsrfToken = __platform_browser_private__.getDOM().getCookie(this._cookieName);
-    if (xsrfToken && !req.headers.has(this._headerName)) {
+    if (xsrfToken) {
      req.headers.set(this._headerName, xsrfToken);
    }
  }
--- a/modules/@angular/http/test/backends/xhr_backend_spec.ts
+++ b/modules/@angular/http/test/backends/xhr_backend_spec.ts
@ -124,11 +124,11 @@ export function main() {
          backend.createConnection(sampleRequest);
          expect(sampleRequest.headers.get('X-XSRF-TOKEN')).toBe('magic XSRF value');
        });
-        it('respects existing headers', () => {
+        it('should allow overwriting of existing headers', () => {
          getDOM().setCookie('XSRF-TOKEN', 'magic XSRF value');
          sampleRequest.headers.set('X-XSRF-TOKEN', 'already set');
          backend.createConnection(sampleRequest);
-          expect(sampleRequest.headers.get('X-XSRF-TOKEN')).toBe('already set');
+          expect(sampleRequest.headers.get('X-XSRF-TOKEN')).toBe('magic XSRF value');
        });

        describe('configuration', () => {