Hi I think the issue is something to do with the "HttpOnly" flag: [image: image.png] Your cookie is locked to the http layer. Hope this helps
*Bastien Lemaire* On Thu, 18 Jun 2020 at 11:53, sandhya panchal <hariomsandhy...@gmail.com> wrote: > I am trying to access *csrftoken* sent in response header through *Django > Rest Framework API *to* Angular 8* , but unable to do that.The csrf token > is visible in developer tools in Chrome.please help me to resolve this > issue as i am trying this from 1 week. > > > > the above snippet shows the csrf token in Set-Cookie section.I want to > access this value in angular code so that i can send it in request to call > an api. > > I have attached Django Api *settings.py *file. > > Below is my angular code where i am trying to access the the headers from > response. > *Login code which is calling django api and in response getting various > headers.* > > login(email: string, password: string) { > > this.email = email; > return this.http.post<any>("http://127.0.0.1:8000/api/Login/", { > email, password },{ observe: 'response' }) > .pipe(tap((user) => { > > localStorage.setItem('currentUser', JSON.stringify(user)); > console.log(user); > console.log("csrftoken:" + user.headers.get('csrftoken')); > // tring to access csrf using headers > this.currentUserSubject.next(user); > this.data.setLoggedIn(true); > console.log("cookie data:"+this.Cookie.get('csrftoken')); > //trying to access using cookie > return user; > })); > } > > All other headers are accessible except *Set-Cookie:csrftoken* > response header. can anybody please help me out here?Any help will be > appreciated. > > > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Angular and AngularJS discussion" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to angular+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/angular/a449e596-ac4b-4177-be9c-eb7a30d03214o%40googlegroups.com > <https://groups.google.com/d/msgid/angular/a449e596-ac4b-4177-be9c-eb7a30d03214o%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Angular and AngularJS discussion" group. To unsubscribe from this group and stop receiving emails from it, send an email to angular+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/angular/CAJ7E9zGmCvkS-QGCucvh8M6%3DjkRw8-qooc9yuVNYJ3q6%3D4ERyQ%40mail.gmail.com.