import { NgModule, Injectable } from '@angular/core';import { Observable } from

1. import { NgModule, Injectable } from '@angular/core';
2. import { Observable } from "rxjs/Observable";
3. import { HttpRequest, HttpHandler, HttpEvent, HttpXsrfTokenExtractor, HttpInterceptor } from "@angular/common/http";
4.  
5. @Injectable()
6. export class XsrfInterceptor implements HttpInterceptor {
7.  
8. constructor(private tokenExtractor: HttpXsrfTokenExtractor) {
9. }
10.  
11. intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
12. const headerName = 'X-XSRF-TOKEN';
13. console.log("xsrf intercepter called");
14. let requestToForward = req;
15. let token = this.tokenExtractor.getToken() as string;
16. console.log(token);
17. if (token !== null) {
18. requestToForward = req.clone({ setHeaders: {headerName: token } });
19. }
20. return next.handle(requestToForward);
21. }
22. }
23.  
24. providers: [
25. LoginService,
26. AuthGuardLogin,
27. { provide: HTTP_INTERCEPTORS, useClass: XsrfInterceptor, multi: true }
28. ],
29.  
30. let httpHeader = new RequestOptions({
31. headers: new Headers({
32. 'Content-Type': 'application/json',
33. 'x-auth-token': this.authToken
34. })
35. })
36.  
37. Access-Control-Allow-Credentials:true
38. Access-Control-Allow-Headers:Access-Control-Allow-Origin, Access-Control-Allow-Headers, Accept, X-XSRF-TOKEN, XSRF-TOKEN, X-Requested-By, Content-Type, Origin, Authorization, X-Requested-With, x-auth-token, OPTIONS
39. Access-Control-Allow-Methods:POST, GET, PUT, OPTIONS
40. Access-Control-Allow-Origin:http://localhost:7070
41. Access-Control-Expose-Headers:x-auth-token, XSRF-TOKEN, X-XSRF-TOKEN
42. Access-Control-Max-Age:3600
43. Cache-Control:no-cache, no-store, max-age=0, must-revalidate
44. Date:Fri, 24 Nov 2017 06:42:20 GMT
45. Expires:0
46. Pragma:no-cache
47. Referrer-Policy:same-origin
48. Set-Cookie:XSRF-TOKEN=63f66e2a-1ad0-4641-8f36-27c16734a676;path=/mfleet;HttpOnly
49. Transfer-Encoding:chunked
50. x-auth-token:8d06b1da-c35b-42ea-ac28-eae51f3dd74d
51. X-Content-Type-Options:nosniff
52. X-Frame-Options:DENY
53. X-XSS-Protection:1; mode=block
54.  
55. Accept:application/json, text/plain, */*
56. Accept-Encoding:gzip, deflate, br
57. Accept-Language:en-US,en;q=0.9
58. Connection:keep-alive
59. Content-Type:application/json
60. Cookie:XSRF-TOKEN=63f66e2a-1ad0-4641-8f36-27c16734a676 **//this should be X-XSRF-TOKEN**
61. Host:localhost:7070
62. Referer:http://localhost:7070/dist/
63. User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
64. x-auth-token:8d06b1da-c35b-42ea-ac28-eae51f3dd74d
65.  
66. "@angular/animations": "^4.4.5",
67. "@angular/cdk": "^2.0.0-beta.8",
68. "@angular/common": "^4.0.0",
69. "@angular/compiler": "^4.0.0",
70. "@angular/core": "^4.0.0",
71. "@angular/forms": "^4.0.0",
72. "@angular/http": "4.0.0",
73. "@angular/material": "^2.0.0-beta.8",
74. "@angular/platform-browser": "^4.0.0",
75. "@angular/platform-browser-dynamic": "^4.0.0",
76. "@angular/router": "^4.0.0",