Angular 6 does not add X-XSRF-TOKEN header to http request
The problem once again is Angular’s poor documentation. The fact is, Angular will add the X-XSRF-TOKEN header only if the XSRF-TOKEN cookie was generated server-side with the following options: Path = / httpOnly = false (this is very important, and fully undocumented) Besides, the Angular app and the URL being called must reside on the … Read more