Javascript: Is it safe to set the auth 'cookie' manually in an interceptor?
In my Angular application, I have an interceptor class like this:
import { Injectable, Inject, Optional, PLATFORM_ID } from '@angular/core';
import {
  HttpInterceptor,
  HttpHandler,
  HttpRequest,
} from '@angular/common/http';
import { REQUEST } from '@nguniversal/express-engine/tokens';
import { isPlatformServer } from '@angular/common';

@Injectable()
export class UniversalInterceptor implements HttpInterceptor {
  constructor(
    @Inject(PLATFORM_ID) private platformId,
    // REQUEST is only provided during server-side rendering, hence @Optional()
    @Optional() @Inject(REQUEST) private request
  ) {}

  intercept(req: HttpRequest<any>, next: HttpHandler) {
    // The browser may have sent no Cookie header at all; skip the copy in that case
    const cookie = this.request && this.request.headers.cookie;
    if (isPlatformServer(this.platformId) && cookie) {
      // Copy the browser's whole Cookie header onto every outgoing server-side call
      req = req.clone({ headers: req.headers.set('Cookie', cookie) });
    }
    return next.handle(req);
  }
}
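I use Angular Universal server-side rendering, so I get the token from the server and set it manually on every API call the server makes. Everything works fine, but is it safe? I'm manually setting the token cookie in the header of every API request; could that be a bit risky?

I might be wrong, but I think it only matters if you send the cookies to an API you don't own; in that case you could be sending sensitive information to a third party. If you don't own the API, you can try parsing the cookie string (this.request.headers.cookie) and passing only what the API needs.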
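
One way to do what the answer suggests, as an added example that is not part of the original question or answer: forward cookies only to origins you own, and only the cookies the API needs. The origin `https://api.example.com` and the cookie name `auth_token` are assumed placeholders, and the functions are plain TypeScript so they can be called from the interceptor.

```typescript
// Added example: plain functions with no Angular imports, so they run stand-alone.
// OWN_API_ORIGINS and FORWARDED_COOKIES are assumed values, not from the question.
const OWN_API_ORIGINS: string[] = ['https://api.example.com'];
const FORWARDED_COOKIES: string[] = ['auth_token'];

// Keep only allowlisted name=value pairs from a raw Cookie header.
function filterCookieHeader(raw: string | undefined, allowed: string[]): string {
  if (!raw) {
    return '';
  }
  const kept: string[] = [];
  for (const part of raw.split(';')) {
    const pair = part.trim();
    const eq = pair.indexOf('=');
    if (eq <= 0) {
      continue; // skip empty or nameless fragments
    }
    const name = pair.slice(0, eq);
    // Drop pairs with control characters so a value cannot split the header.
    if (allowed.indexOf(name) !== -1 && !/[\r\n\0]/.test(pair)) {
      kept.push(pair);
    }
  }
  return kept.join('; ');
}

// Decide which Cookie header (if any) an outgoing server-side request gets.
function cookieForRequest(url: string, raw: string | undefined): string | null {
  let origin: string;
  try {
    origin = new URL(url).origin; // exact origin comparison, not a prefix match
  } catch (e) {
    return null; // relative or malformed URL: forward nothing
  }
  if (OWN_API_ORIGINS.indexOf(origin) === -1) {
    return null; // host you do not own: never forward the browser's cookies
  }
  const filtered = filterCookieHeader(raw, FORWARDED_COOKIES);
  return filtered === '' ? null : filtered;
}
```

In the interceptor, call `cookieForRequest(req.url, this.request.headers.cookie)` and set the `Cookie` header only when the result is not `null`.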