How to prevent CSRF attack in angular7 when I use XMLHttpRequest
let xhr = new XMLHttpRequest(); var inputData = {};
xhr.open('POST', this.hostUrlConstants["baseUrl"] + this.pathUrlConstants["xxxx"] + this.pathUrlConstants["yyy"] + "/" + scenarioId, true);
Fortunately, this request will not be executed by modern web browsers thanks to same-origin policy restrictions. This restriction is enabled by default unless the target web site explicitly opens up cross-origin requests from the attacker's (or everyone's) origin by using CORS with the following header:
Access-Control-Allow-Origin: *
