CSRF TOKEN and consume RESTful API

heey guys, i’m working on a hybrid App with ionic1 & angular 1, and i have a RESTful web service in server built with JEE i use SPRING SECURITY which use CSRF PROTECTION ,so now my hyb app should consumes web service problem and as you know i got 403 from server because i didn’t include CSRF token in request so how can i get back the CSRF token from server and how can i include it i request ? note that i use XML config for spring security . PLZ guys i hope that someone gives me a solution and thank u v much .

You should receive Csrf token from server either in header or in cookie. You can check this with developer tools. But which Api endpoint actually sends you valid Csrf depends on API. Maybe login?

if you are using csrf you need a token for each request “form submit”. Depends on if your server consumes form-data or json data.

If it consumes form-data you should add a hidden input with the current csrf token. so there should be a rest-endpoint to get the csrf token for the current form

You don’t need any csrf token - see this

now i add filter who send token in cookies so when i test with postman i can see the cookie of token in cookie tab of postman but problem is when i try to get this cookie in my angularJS controller i already installed ngCookie and i do $cookies.get(‘XSRF-TOKEN’) show me that is undifined ?? can you help plz

now i add filter who send token in cookies so when i test with postman i can see the cookie of token in cookie tab of postman but problem is when i try to get this cookie in my angularJS controller i already installed ngCookie and i do $cookies.get(‘XSRF-TOKEN’) show me that is undifined ?? where is the problem

You should probably read cookie from the $http call response :

.then((response) => {
  console.log(response.headers('set-cookie'));
});  

Stackoverflow link