What is httpinterceptor equivalent in angular2?

As @G√ľnter pointed it out, there is no way to register interceptors. You need to extend the Http class and put your interception processing around HTTP calls First you could create a class that extends the Http: @Injectable() export class CustomHttp extends Http { constructor(backend: ConnectionBackend, defaultOptions: RequestOptions) { super(backend, defaultOptions); } request(url: string | …

Read more

Detecting the character encoding of an HTTP POST request

the default encoding of a HTTP POST is ISO-8859-1. else you have to look at the Content-Type header that will then look like Content-Type: application/x-www-form-urlencoded ; charset=UTF-8 You can maybe declare your form with <form enctype=”application/x-www-form-urlencoded;charset=UTF-8″> or <form accept-charset=”UTF-8″> to force the encoding. Some references : http://www.htmlhelp.com/reference/html40/forms/form.html http://www.w3schools.com/tags/tag_form.asp

How to spoof http referer

Yes. The HTTP_REFERER is data passed by the client. Any data passed by the client can be spoofed/forged. This includes HTTP_USER_AGENT. If you wrote the web browser, you’re setting and sending the HTTP Referrer and User-Agent headers on the GET, POST, etc. You can also use middleware such as a web proxy to alter these. …

Read more

Is it more efficient to store the permissions of the user in an JWT claim or to check it on the server at every request?

Your first question: Is the extra overhead on each request by sending the permissions to the server worth avoiding the hassle of looking up the permissions upon each request? Answer: Let’s have a look at the description jwt.io provides on when to use JWTs: Authorization: This is the most common scenario for using JWT. Once …

Read more