i have project where i using spring as backend (generated with microservices with jhipster) and angular5 as frontend
on server side setup CSRF security is added(it was by default enable when we create microservices with Jhipster)
as i work with angular , there is no need to make changes in angular code for dealing with XSRF token sending(csrf and XSRF are same things)
question background :
when i test both UI and apis locally it works great.in this case server will setup cookies as XSRF-TOKEN on browser cache and angular app return this cookie in header for each request. this works fine at locally
angular app at local : http://localhost:4200
api gateway app local http://localhost:8080
question : when i deploy this app on dedicated server
angular app at : http://111.22.33.44/angualrapp
api gateway at : http://111.22.33.44:8080
(above are the assumed domain , same pattern used for my apps)
when i did this setup i have facing following problem - XSRF token is not getting stored at my browser cache - each request gives me 403 Forbidden error (because ,i thought XSRF-TOEKN is null)
Q 1 . how did i get solved above problem ?
Q 2 . Is this configuration is possible when Angular and Spring code is deployed to different domains(origins)?
Q 3 . can i facing this problem due to domains i allocated to apps ?