View source Improve this doc

$http

service in module ng

Description

The $http service is a core Angular service that facilitates communication with the remote HTTP servers via the browser's XMLHttpRequest object or via JSONP.

For unit testing applications that use $http service, see $httpBackend mock.

For a higher level of abstraction, please check out the $resource service.

The $http API is based on the deferred/promise APIs exposed by the $q service. While for simple usage patterns this doesn't matter much, for advanced usage it is important to familiarize yourself with these APIs and the guarantees they provide.

General usage

The $http service is a function which takes a single argument — a configuration object — that is used to generate an HTTP request and returns a promise with two $http specific methods: success and error.

  1.   $http({method: 'GET', url: '/someUrl'}).
  2.     success(function(data, status, headers, config) {
  3.       // this callback will be called asynchronously
  4.       // when the response is available
  5.     }).
  6.     error(function(data, status, headers, config) {
  7.       // called asynchronously if an error occurs
  8.       // or server returns response with an error status.
  9.     });

Since the returned value of calling the $http function is a promise, you can also use the then method to register callbacks, and these callbacks will receive a single argument – an object representing the response. See the API signature and type info below for more details.

A response status code between 200 and 299 is considered a success status and will result in the success callback being called. Note that if the response is a redirect, XMLHttpRequest will transparently follow it, meaning that the error callback will not be called for such responses.

Calling $http from outside AngularJS

The $http service will not actually send the request until the next $digest() is executed. Normally this is not an issue, since almost all the time your call to $http will be from within a $apply() block. If you are calling $http from outside Angular, then you should wrap it in a call to $apply to cause a $digest to occur and also to handle errors in the block correctly.

  1. $scope.$apply(function() {
  2.   $http(...);
  3. });

Writing Unit Tests that use $http

When unit testing you are mostly responsible for scheduling the $digest cycle. If you do not trigger a $digest before calling $httpBackend.flush() then the request will not have been made and $httpBackend.expect(…) expectations will fail. The solution is to run the code that calls the $http() method inside a $apply block as explained in the previous section.

  1. $httpBackend.expectGET(...);
  2. $scope.$apply(function() {
  3.   $http.get(...);
  4. });
  5. $httpBackend.flush();

Shortcut methods

Since all invocations of the $http service require passing in an HTTP method and URL, and POST/PUT requests require request data to be provided as well, shortcut methods were created:

  1.   $http.get('/someUrl').success(successCallback);
  2.   $http.post('/someUrl', data).success(successCallback);

Complete list of shortcut methods:

Setting HTTP Headers

The $http service will automatically add certain HTTP headers to all requests. These defaults can be fully configured by accessing the $httpProvider.defaults.headers configuration object, which currently contains this default configuration:

  • $httpProvider.defaults.headers.common (headers that are common for all requests):
    • Accept: application/json, text/plain, * / *
  • $httpProvider.defaults.headers.post: (header defaults for POST requests)
    • Content-Type: application/json
  • $httpProvider.defaults.headers.put (header defaults for PUT requests)
    • Content-Type: application/json

To add or overwrite these defaults, simply add or remove a property from these configuration objects. To add headers for an HTTP method other than POST or PUT, simply add a new object with the lowercased HTTP method name as the key, e.g. `$httpProvider.defaults.headers.get = { 'My-Header' : 'value' }.

The defaults can also be set at runtime via the $http.defaults object in the same fashion. In addition, you can supply a headers property in the config object passed when calling $http(config), which overrides the defaults without changing them globally.

Transforming Requests and Responses

Both requests and responses can be transformed using transform functions. By default, Angular applies these transformations:

Request transformations:

  • If the data property of the request configuration object contains an object, serialize it into JSON format.

Response transformations:

  • If XSRF prefix is detected, strip it (see Security Considerations section below).
  • If JSON response is detected, deserialize it using a JSON parser.

To globally augment or override the default transforms, modify the $httpProvider.defaults.transformRequest and $httpProvider.defaults.transformResponse properties. These properties are by default an array of transform functions, which allows you to push or unshift a new transformation function into the transformation chain. You can also decide to completely override any default transformations by assigning your transformation functions to these properties directly without the array wrapper.

Similarly, to locally override the request/response transforms, augment the transformRequest and/or transformResponse properties of the configuration object passed into $http.

Caching

To enable caching, set the request configuration cache property to true (to use default cache) or to a custom cache object (built with $cacheFactory). When the cache is enabled, $http stores the response from the server in the specified cache. The next time the same request is made, the response is served from the cache without sending a request to the server.

Note that even if the response is served from cache, delivery of the data is asynchronous in the same way that real requests are.

If there are multiple GET requests for the same URL that should be cached using the same cache, but the cache is not populated yet, only one request to the server will be made and the remaining requests will be fulfilled using the response from the first request.

You can change the default cache to a new object (built with $cacheFactory) by updating the $http.defaults.cache property. All requests who set their cache property to true will now use this cache object.

If you set the default cache to false then only requests that specify their own custom cache object will be cached.

Interceptors

Before you start creating interceptors, be sure to understand the $q and deferred/promise APIs.

For purposes of global error handling, authentication, or any kind of synchronous or asynchronous pre-processing of request or postprocessing of responses, it is desirable to be able to intercept requests before they are handed to the server and responses before they are handed over to the application code that initiated these requests. The interceptors leverage the promise APIs to fulfill this need for both synchronous and asynchronous pre-processing.

The interceptors are service factories that are registered with the $httpProvider by adding them to the $httpProvider.interceptors array. The factory is called and injected with dependencies (if specified) and returns the interceptor.

There are two kinds of interceptors (and two kinds of rejection interceptors):

  • request: interceptors get called with http config object. The function is free to modify the config or create a new one. The function needs to return the config directly or as a promise.
  • requestError: interceptor gets called when a previous interceptor threw an error or resolved with a rejection.
  • response: interceptors get called with http response object. The function is free to modify the response or create a new one. The function needs to return the response directly or as a promise.
  • responseError: interceptor gets called when a previous interceptor threw an error or resolved with a rejection. 
  1.   // register the interceptor as a service
  2.   $provide.factory('myHttpInterceptor', function($q, dependency1, dependency2) {
  3.     return {
  4.       // optional method
  5.       'request': function(config) {
  6.         // do something on success
  7.         return config || $q.when(config);
  8.       },
  9.  
  10.       // optional method
  11.      'requestError': function(rejection) {
  12.         // do something on error
  13.         if (canRecover(rejection)) {
  14.           return responseOrNewPromise
  15.         }
  16.         return $q.reject(rejection);
  17.       },
  18.  
  19.  
  20.  
  21.       // optional method
  22.       'response': function(response) {
  23.         // do something on success
  24.         return response || $q.when(response);
  25.       },
  26.  
  27.       // optional method
  28.      'responseError': function(rejection) {
  29.         // do something on error
  30.         if (canRecover(rejection)) {
  31.           return responseOrNewPromise
  32.         }
  33.         return $q.reject(rejection);
  34.       };
  35.     }
  36.   });
  37.  
  38.   $httpProvider.interceptors.push('myHttpInterceptor');
  39.  
  40.  
  41.   // register the interceptor via an anonymous factory
  42.   $httpProvider.interceptors.push(function($q, dependency1, dependency2) {
  43.     return {
  44.      'request': function(config) {
  45.          // same as above
  46.       },
  47.       'response': function(response) {
  48.          // same as above
  49.       }
  50.     };
  51.   });

Response interceptors (DEPRECATED)

Before you start creating interceptors, be sure to understand the $q and deferred/promise APIs.

For purposes of global error handling, authentication or any kind of synchronous or asynchronous preprocessing of received responses, it is desirable to be able to intercept responses for http requests before they are handed over to the application code that initiated these requests. The response interceptors leverage the promise apis to fulfil this need for both synchronous and asynchronous preprocessing.

The interceptors are service factories that are registered with the $httpProvider by adding them to the $httpProvider.responseInterceptors array. The factory is called and injected with dependencies (if specified) and returns the interceptor — a function that takes a promise and returns the original or a new promise.

  1.   // register the interceptor as a service
  2.   $provide.factory('myHttpInterceptor', function($q, dependency1, dependency2) {
  3.     return function(promise) {
  4.       return promise.then(function(response) {
  5.         // do something on success
  6.         return response;
  7.       }, function(response) {
  8.         // do something on error
  9.         if (canRecover(response)) {
  10.           return responseOrNewPromise
  11.         }
  12.         return $q.reject(response);
  13.       });
  14.     }
  15.   });
  16.  
  17.   $httpProvider.responseInterceptors.push('myHttpInterceptor');
  18.  
  19.  
  20.   // register the interceptor via an anonymous factory
  21.   $httpProvider.responseInterceptors.push(function($q, dependency1, dependency2) {
  22.     return function(promise) {
  23.       // same as above
  24.     }
  25.   });

Security Considerations

When designing web applications, consider security threats from:

Both server and the client must cooperate in order to eliminate these threats. Angular comes pre-configured with strategies that address these issues, but for this to work backend server cooperation is required.

JSON Vulnerability Protection

A JSON vulnerability allows third party website to turn your JSON resource URL into JSONP request under some conditions. To counter this your server can prefix all JSON requests with following string ")]}',\n". Angular will automatically strip the prefix before processing it as JSON.

For example if your server needs to return: 

  1. ['one','two']

which is vulnerable to attack, your server can return: 

  1. )]}',
  2. ['one','two']

Angular will strip the prefix, before processing the JSON.

Cross Site Request Forgery (XSRF) Protection

XSRF is a technique by which an unauthorized site can gain your user's private data. Angular provides a mechanism to counter XSRF. When performing XHR requests, the $http service reads a token from a cookie (by default, XSRF-TOKEN) and sets it as an HTTP header (X-XSRF-TOKEN). Since only JavaScript that runs on your domain could read the cookie, your server can be assured that the XHR came from JavaScript running on your domain. The header will not be set for cross-domain requests.

To take advantage of this, your server needs to set a token in a JavaScript readable session cookie called XSRF-TOKEN on the first HTTP GET request. On subsequent XHR requests the server can verify that the cookie matches X-XSRF-TOKEN HTTP header, and therefore be sure that only JavaScript running on your domain could have sent the request. The token must be unique for each user and must be verifiable by the server (to prevent the JavaScript from making up its own tokens). We recommend that the token is a digest of your site's authentication cookie with a salt) for added security.

The name of the headers can be specified using the xsrfHeaderName and xsrfCookieName properties of either $httpProvider.defaults, or the per-request config object.

Dependencies

  • $httpBackend
  • $browser
  • $cacheFactory
  • $rootScope
  • $q
  • $injector

Usage

  1. $http(config);

Parameters

ParamTypeDetails
configobject Object describing the request to be made and how it should be processed. The object has following properties: - method – {string} – HTTP method (e.g. 'GET', 'POST', etc) - url – {string} – Absolute or relative URL of the resource that is being requested. - params – {Object.} – Map of strings or objects which will be turned to ?key1=value1&key2=value2 after the url. If the value is not a string, it will be JSONified. - data – {string|Object} – Data to be sent as the request message data. - headers – {Object} – Map of strings or functions which return strings representing HTTP headers to send to the server. If the return value of a function is null, the header will not be sent. - xsrfHeaderName – {string} – Name of HTTP header to populate with the XSRF token. - xsrfCookieName – {string} – Name of cookie containing the XSRF token. - transformRequest – {function(data, headersGetter)|Array.} – transform function or an array of such functions. The transform function takes the http request body and headers and returns its transformed (typically serialized) version. - transformResponse – {function(data, headersGetter)|Array.} – transform function or an array of such functions. The transform function takes the http response body and headers and returns its transformed (typically deserialized) version. - cache – {boolean|Cache} – If true, a default $http cache will be used to cache the GET request, otherwise if a cache instance built with $cacheFactory, this cache will be used for caching. - timeout – {number|Promise} – timeout in milliseconds, or promise that should abort the request when resolved. - withCredentials - {boolean} - whether to to set the withCredentials flag on the XHR object. See requests with credentials for more information. - responseType - {string} - see requestType.

Returns

HttpPromise Returns a promise object with the standard then method and two http specific methods: success and error. The then method takes two arguments a success and an error callback which will be called with a response object. The success and error methods take a single argument - a function that will be called when the request succeeds or fails respectively. The arguments passed into these functions are destructured representation of the response object passed into the then method. The response object has these properties: - data – {string|Object} – The response body transformed with the transform functions. - status – {number} – HTTP status code of the response. - headers – {function([headerName])} – Header getter function. - config – {Object} – The configuration object that was used to generate the request.

Methods

  • delete(url, config)

Shortcut method to perform DELETE request.

Parameters

ParamTypeDetailsurlstring

Relative or absolute URL specifying the destination of the request

config (optional) Object

Optional configuration object

Returns

HttpPromise

Future object

  • get(url, config)

Shortcut method to perform GET request.

Parameters

ParamTypeDetailsurlstring

Relative or absolute URL specifying the destination of the request

config (optional) Object

Optional configuration object

Returns

HttpPromise

Future object

  • head(url, config)

Shortcut method to perform HEAD request.

Parameters

ParamTypeDetailsurlstring

Relative or absolute URL specifying the destination of the request

config (optional) Object

Optional configuration object

Returns

HttpPromise

Future object

  • jsonp(url, config)

Shortcut method to perform JSONP request.

Parameters

ParamTypeDetailsurlstring

Relative or absolute URL specifying the destination of the request. Should contain JSON_CALLBACK string.

config (optional) Object

Optional configuration object

Returns

HttpPromise

Future object

  • post(url, data, config)

Shortcut method to perform POST request.

Parameters

ParamTypeDetailsurlstring

Relative or absolute URL specifying the destination of the request

data*

Request content

config (optional) Object

Optional configuration object

Returns

HttpPromise

Future object

  • put(url, data, config)

Shortcut method to perform PUT request.

Parameters

ParamTypeDetailsurlstring

Relative or absolute URL specifying the destination of the request

data*

Request content

config (optional) Object

Optional configuration object

Returns

HttpPromise

Future object

Properties

  • defaults

Runtime equivalent of the $httpProvider.defaults property. Allows configuration of default headers, withCredentials as well as request and response transformations.

See "Setting HTTP Headers" and "Transforming Requests and Responses" sections above.

  • pendingRequests

Array of config objects for currently pending requests. This is primarily meant to be used for debugging purposes.

Example

Source

  1.  
  1.  
  1.  
  1.  

Demo