I have an Angular/Restangular application that appends a X-CSRFToken header to all POST requests to a backend REST API. The value of the header is extracted from $cookies.csrftoken. This is necessary because of a behaviour of the Django backend with SessionAuthentication - it requires this header for POST requests. CORS is configured between the domains of the frontend and backend.
This works nicely in a normal browser session in either Chrome or Firefox.
When running via Webdriver and Protractor, the csrftoken cookie is indeed present and sent, but $cookies is empty to Angular and thus so is X-CSRFToken. I can clearly see this happen with print debug and in debugger during the Firefox instance spawned by webdriver.
This only happens when running the test suite via protractor. I can't replicate the empty $cookies any other way. I'm also surprised that behaviour can be so different under the test framework.
Any ideas? Am I missing something?
