# Angular Missing HTTP Security Interceptor

- ID: angular-http-interceptor-missing
- Severity: HIGH
- CWE: Cross-Site Request Forgery (CWE-352)
- Languages: JavaScript, TypeScript

## Description

Missing HTTP interceptors require manual token and CSRF protection on every request,
leading to inconsistent security and unauthorized API access.

## Detection Message

HttpClient used without security interceptors. Missing centralized authentication, CSRF protection, and security headers.

## Remediation

Create an HTTP interceptor to add authentication tokens to all requests.

```typescript
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
  constructor(private auth: AuthService) {}

  intercept(req: HttpRequest<any>, next: HttpHandler) {
    const token = this.auth.getToken();
    if (token) {
      req = req.clone({
        headers: req.headers.set('Authorization', `Bearer ${token}`)
      });
    }
    return next.handle(req);
  }
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-352/http-interceptor-missing

## Documentation

[object Object]

## Related Rules

- **Django Missing CSRF Protection** [HIGH]: 
- **Missing CSRF Protection (Gin)** [HIGH]: