$http
(service in module ng
)
The $http service is a core Angular service that facilitates communication with the remote
HTTP servers via browser's XMLHttpRequest object or via JSONP.
For unit testing applications that use $http service, see
$httpBackend mock.
For a higher level of abstraction, please check out the $resource service.
The $http API is based on the deferred/promise APIs exposed by
the $q service. While for simple usage patters this doesn't matter much, for advanced usage,
it is important to familiarize yourself with these apis and guarantees they provide.
The $http service is a function which takes a single argument — a configuration object —
that is used to generate an http request and returns a promise
with two $http specific methods: success and error.
$http({method: 'GET', url: '/someUrl'}).
success(function(data, status, headers, config) {
// this callback will be called asynchronously
// when the response is available
}).
error(function(data, status, headers, config) {
// called asynchronously if an error occurs
// or server returns response with an error status.
});
Since the returned value of calling the $http function is a Promise object, you can also use
the then method to register callbacks, and these callbacks will receive a single argument –
an object representing the response. See the api signature and type info below for more
details.
A response status code that falls in the [200, 300) range is considered a success status and will result in the success callback being called. Note that if the response is a redirect, XMLHttpRequest will transparently follow it, meaning that the error callback will not be called for such responses.
Since all invocation of the $http service require definition of the http method and url and POST and PUT requests require response body/data to be provided as well, shortcut methods were created to simplify using the api:
$http.get('/someUrl').success(successCallback);
$http.post('/someUrl', data).success(successCallback);
Complete list of shortcut methods:
The $http service will automatically add certain http headers to all requests. These defaults
can be fully configured by accessing the $httpProvider.defaults.headers configuration
object, which currently contains this default configuration:
$httpProvider.defaults.headers.common (headers that are common for all requests):
Accept: application/json, text/plain, * / *$httpProvider.defaults.headers.post: (header defaults for HTTP POST requests)
Content-Type: application/json$httpProvider.defaults.headers.put (header defaults for HTTP PUT requests)
Content-Type: application/jsonTo add or overwrite these defaults, simply add or remove a property from this configuration
objects. To add headers for an HTTP method other than POST or PUT, simply add a new object
with name equal to the lower-cased http method name, e.g.
$httpProvider.defaults.headers.get['My-Header']='value'.
Additionally, the defaults can be set at runtime via the $http.defaults object in a similar
fassion as described above.
Both requests and responses can be transformed using transform functions. By default, Angular applies these transformations:
Request transformations:
data property of the request config object contains an object, serialize it into
JSON format.Response transformations:
To override these transformation locally, specify transform functions as transformRequest
and/or transformResponse properties of the config object. To globally override the default
transforms, override the $httpProvider.defaults.transformRequest and
$httpProvider.defaults.transformResponse properties of the $httpProvider.
To enable caching set the configuration property cache to true. When the cache is
enabled, $http stores the response from the server in local cache. Next time the
response is served from the cache without sending a request to the server.
Note that even if the response is served from cache, delivery of the data is asynchronous in the same way that real requests are.
If there are multiple GET requests for the same url that should be cached using the same cache, but the cache is not populated yet, only one request to the server will be made and the remaining requests will be fulfilled using the response for the first request.
Before you start creating interceptors, be sure to understand the
$q and deferred/promise APIs.
For purposes of global error handling, authentication or any kind of synchronous or
asynchronous preprocessing of received responses, it is desirable to be able to intercept
responses for http requests before they are handed over to the application code that
initiated these requests. The response interceptors leverage the promise apis to fulfil this need for both synchronous and asynchronous preprocessing.
The interceptors are service factories that are registered with the $httpProvider by
adding them to the $httpProvider.responseInterceptors array. The factory is called and
injected with dependencies (if specified) and returns the interceptor — a function that
takes a promise and returns the original or a new promise.
// register the interceptor as a service
$provide.factory('myHttpInterceptor', function($q, dependency1, dependency2) {
return function(promise) {
return promise.then(function(response) {
// do something on success
}, function(response) {
// do something on error
if (canRecover(response)) {
return responseOrNewPromise
}
return $q.reject(response);
});
}
});
$httpProvider.responseInterceptors.push('myHttpInterceptor');
// register the interceptor via an anonymous factory
$httpProvider.responseInterceptors.push(function($q, dependency1, dependency2) {
return function(promise) {
// same as above
}
});
When designing web applications, consider security threats from:
Both server and the client must cooperate in order to eliminate these threats. Angular comes pre-configured with strategies that address these issues, but for this to work backend server cooperation is required.
A JSON Vulnerability allows third party web-site to turn your JSON resource URL into
JSONP request under some conditions. To
counter this your server can prefix all JSON requests with following string ")]}',\n".
Angular will automatically strip the prefix before processing it as JSON.
For example if your server needs to return:
['one','two']
which is vulnerable to attack, your server can return:
)]}', ['one','two']
Angular will strip the prefix, before processing the JSON.
XSRF is a technique by which
an unauthorized site can gain your user's private data. Angular provides following mechanism
to counter XSRF. When performing XHR requests, the $http service reads a token from a cookie
called XSRF-TOKEN and sets it as the HTTP header X-XSRF-TOKEN. Since only JavaScript that
runs on your domain could read the cookie, your server can be assured that the XHR came from
JavaScript running on your domain. The header will not be set for cross-domain requests.
To take advantage of this, your server needs to set a token in a JavaScript readable session
cookie called XSRF-TOKEN on first HTTP GET request. On subsequent non-GET requests the
server can verify that the cookie matches X-XSRF-TOKEN HTTP header, and therefore be sure
that only JavaScript running on your domain could have read the token. The token must be
unique for each user and must be verifiable by the server (to prevent the JavaScript making
up its own tokens). We recommend that the token is a digest of your site's authentication
cookie with salt for added security.
$http(config);
config – {object} –
Object describing the request to be made and how it should be processed. The object has following properties:
{string} – HTTP method (e.g. 'GET', 'POST', etc){string} – Absolute or relative URL of the resource that is being requested.{Object.<string|Object>} – Map of strings or objects which will be turned to
?key1=value1&key2=value2 after the url. If the value is not a string, it will be JSONified.{string|Object} – Data to be sent as the request message data.{Object} – Map of strings representing HTTP headers to send to the server.{function(data, headersGetter)|Array.<function(data, headersGetter)>} –
transform function or an array of such functions. The transform function takes the http
request body and headers and returns its transformed (typically serialized) version.{function(data, headersGetter)|Array.<function(data, headersGetter)>} –
transform function or an array of such functions. The transform function takes the http
response body and headers and returns its transformed (typically deserialized) version.{boolean|Cache} – If true, a default $http cache will be used to cache the
GET request, otherwise if a cache instance built with
$cacheFactory, this cache will be used for
caching.{number} – timeout in milliseconds.{boolean} - whether to to set the withCredentials flag on the
XHR object. See requests with credentials for more information.{string} - see requestType.{HttpPromise}
– Returns a promise object with the
standard then method and two http specific methods: success and error. The then
method takes two arguments a success and an error callback which will be called with a
response object. The success and error methods take a single argument - a function that
will be called when the request succeeds or fails respectively. The arguments passed into
these functions are destructured representation of the response object passed into the
then method. The response object has these properties:
{string|Object} – The response body transformed with the transform functions.{number} – HTTP status code of the response.{function([headerName])} – Header getter function.{Object} – The configuration object that was used to generate the request.Shortcut method to perform DELETE request
url – {string} –
Relative or absolute URL specifying the destination of the request
config(optional) – {Object=} –
Optional configuration object
{HttpPromise}
– Future object
Shortcut method to perform GET request
url – {string} –
Relative or absolute URL specifying the destination of the request
config(optional) – {Object=} –
Optional configuration object
{HttpPromise}
– Future object
Shortcut method to perform HEAD request
url – {string} –
Relative or absolute URL specifying the destination of the request
config(optional) – {Object=} –
Optional configuration object
{HttpPromise}
– Future object
Shortcut method to perform JSONP request
url – {string} –
Relative or absolute URL specifying the destination of the request.
Should contain JSON_CALLBACK string.
config(optional) – {Object=} –
Optional configuration object
{HttpPromise}
– Future object
Shortcut method to perform POST request
url – {string} –
Relative or absolute URL specifying the destination of the request
data – {*} –
Request content
config(optional) – {Object=} –
Optional configuration object
{HttpPromise}
– Future object
Shortcut method to perform PUT request
url – {string} –
Relative or absolute URL specifying the destination of the request
data – {*} –
Request content
config(optional) – {Object=} –
Optional configuration object
{HttpPromise}
– Future object
Runtime equivalent of the $httpProvider.defaults property. Allows configuration of
default headers, withCredentials as well as request and response transformations.
See "Setting HTTP Headers" and "Transforming Requests and Responses" sections above.
Array of config objects for currently pending requests. This is primarily meant to be used for debugging purposes.