In case it's useful to anyone. For AngularJS 1.5x I wanted to set CSRF for all requests and I found that when I did this:
$httpProvider.defaults.headers.get = { 'CSRF-Token': afToken };
$httpProvider.defaults.headers.put = { 'CSRF-Token': afToken };
$httpProvider.defaults.headers.post = { 'CSRF-Token': afToken };
Angular removed the content type so I had to add this:
$httpProvider.defaults.headers.common = { "Content-Type": "application/json"};
Otherwise I get a 415 media type error.
So I am doing this to configure my application for all requests:
angular.module("myapp.maintenance", [])
.controller('maintenanceCtrl', MaintenanceCtrl)
.directive('convertToNumber', ConvertToNumber)
.config(configure);
MaintenanceCtrl.$inject = ["$scope", "$http", "$sce", "$window", "$document", "$timeout", "$filter", 'alertService'];
configure.$inject = ["$httpProvider"];
// configure the header tokens for CSRF for http operations in this module
function configure($httpProvider) {
const afToken = angular.element('input[id="__AntiForgeryToken"]').attr('value');
$httpProvider.defaults.headers.get = { 'CSRF-Token': afToken }; // only added for GET
$httpProvider.defaults.headers.put = { 'CSRF-Token': afToken }; // added for PUT
$httpProvider.defaults.headers.post = { 'CSRF-Token': afToken }; // added for POST
// for some reason if we do the above we have to set the default content type for all
// looks like angular clears it when we add our own headers
$httpProvider.defaults.headers.common = { "Content-Type": "application/json" };
}