The issue your vuln reporter is highlighting is the standard weakness of cookie-based CSRF protection. There are ways to plant cookies on a site - in particular, if the site doesn't use HTTP Strict Transport Security, a local network attacker (or anybody else with a man-in-the-middle position) can usually plant a cookie via HTTP that will also be sent in HTTPS (what happens when HTTP-set and HTTPS-set cookies are both set with the same name depends on the browser and sometimes also on the server, but an attacker can usually adjust for that). However, this isn't actually vulnerable, even to the extent that double-submit cookies are generally a vulnerable method of CSRF prevention. The reason actually has nothing to do with either the cookie or the value. Instead, it's quite simple: a cross-site request from a browser simply can't set any custom header unless you deliberately configure CORS to allow this. If you haven't configured CORS to allow setting that header, then the actual value of the header can be random, constant, or even empty - and doesn't need to be validated beyond ensuring that the header is present at all - and you'll be safe from CSRF. Note also that it's entirely possible to make CSRF protection stateless without introducing any (new) cookies. Have the server provide the client (either in page content or in an API response) with an HMAC of the session token (whether it be a random token, a JWT, or something else) using a key that is the same across the server cluster but not exposed to the clients. Use that HMAC as your anti-CSRF token, passed in whatever method you want (other than cookies or other automatically-sent content, of course; I recommend a header for the reason above but POST bodies work fine too). Validating an HMAC is extremely fast, the key is the only server-side data required and is both short and constant, it's guaranteed to be unique not only to every user but to every session of that user (at least, as unique as your session tokens themselves are, which is hopefully the case), and it doesn't expose any meaningful data about the session token even if an attacker learns the CSRF token value somehow.

To send files to servers, we need to initialize FileUploader, $scope.uploaderImages = new FileUploader({ url: 'http://newsimageupload/' + newsService.editNews.id, removeAfterUpload: true }); For loading, call the method: $scope.uploaderImages.uploadAll(); And all the files have already been decided in the library.

Yeah, you've done half the job, so it's got to look like,$routeProvider.when("/dashboard", { templateUrl: "путь к странице" });

There are several problems:You're having trouble marking.Also, look what the result is returning your request.You don't have the right variable. URL2♪Try that.var app = angular.module('jsbin', []); app.controller('DemoCtrl', function($http) { var vm = this; var temp1 = []; var URL2; var icon; var URL = 'http://api.openweathermap.org/data/2.5/forecast/daily'; var request = { method: 'GET', url: URL, params: { q: 'Petrozavodsk', mode: 'json', units: 'imperial', cnt: '7', appid: '3ac1f68b653ffbf72a5f782420062771' } }; $http(request) .then(function(response) { vm.data = response.data; console.log(response.data); vm.URL2 = "http://openweathermap.org/img/w/" + vm.data.list[0].weather[0].icon + ".png"; }). catch(function(response) {}); });<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>Angular JS</title> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js"></script> </head> <body ng-app="jsbin"> <div ng-controller="DemoCtrl as vm"> &lt;script src="http://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.7/weatherscript.js"&gt;&lt;/script&gt; &lt;script src="weather.js"&gt;&lt;/script&gt; &lt;h1&gt;&lt;b&gt;{{vm.data.city.name}}&lt;/b&gt;&lt;/h1&gt; &lt;h1&gt;&lt;b&gt;{{vm.data.city.country}}&lt;/b&gt;&lt;/h1&gt; &lt;font color="red"&gt; &lt;h1&gt;&lt;b&gt;temp.day:&lt;/b&gt;&lt;/h1&gt; &lt;/font&gt; &lt;h1&gt;&lt;b&gt;{{vm.data.list[0].temp.day}}&lt;/b&gt;&lt;/h1&gt; &lt;font color="red"&gt; &lt;h1&gt;&lt;b&gt;weather.main:&lt;/b&gt;&lt;/h1&gt;&lt;/font&gt; &lt;h1&gt;&lt;b&gt;{{vm.data.list[0].weather[0].description}}&lt;/b&gt;&lt;/h1&gt; &lt;!-- влажность работает--&gt; &lt;font color="red"&gt; &lt;h1&gt;&lt;b&gt;humidity:&lt;/b&gt;&lt;/h1&gt;&lt;/font&gt; &lt;h1&gt;&lt;b&gt;{{vm.data.list[0].humidity}}&lt;/b&gt;&lt;/h1&gt; &lt;font color="red"&gt; {{vm.data.list[0].weather[0].description}} <h1><b>{{vm.data.list[0].snow}}</b></h1> давление работает <h1><b>{{vm.data.list[0].weather.icon}}</b></h1></font> &lt;img src='http://openweathermap.org/img/w/13d.png' alt='Icon depicting current weather.'&gt; &lt;div&gt; Можно так &lt;img src="{{vm.URL2}}" alt='Icon depicting current weather.'&gt; &lt;/div&gt; &lt;div&gt; А можно и вот так &lt;img ng-src="http://openweathermap.org/img/w/{{vm.data.list[0].weather[0].icon}}.png" alt='Icon depicting current weather.'&gt; &lt;/div&gt; </div> </body> </html>

You probably forgot to.bower install

Use the POST request.$http.post('http://localhost:8088/api/rest.php/items/', data).then(function (response) { console.log(response); }, function (response) { console.log(response); });

You can set up a module to clean up. https://github.com/sirlantis/gulp-order For example:gulp.task('jsmin', function () { gulp.src('src/js/*.js') .pipe(order([ "vendor/app.js", "vendor/app2.js", "vendor/**/*.js", "app/**/*.js", "vendor/last.js", ])) .pipe(jsmin()) .pipe(concat('scripts.min.js')) .pipe(gulp.dest('build/js')); });

For the transmission of parameters get requested, they need to be indicated through params:$http.get('myUrl', {params: {country:"myCountry", format:"myFormat"}})...Try to transfer the parameters to the server:$scope.getPosts = function(){ var paramSearch = {}; paramSearch.country = "myCountry"; paramSearch.format = "myFormat"; $http.get('http://localhost:8088/api/rest.php/items', {params: paramSearch}) .success(function(){ console.log('done'); }); }; In the browser, press f12 - main network and look what data are transmitted.

You have incorrect brackets in the second bloc. For " You. ” https://jsfiddle.net/kLL3wdee/1/ <input ng-model="showSpecial1" type="checkbox" /> <div ng-show="showSpecial1" id="special1"> first </div> <input ng-model="showSpecial2" type="checkbox" /> <div ng-show="showSpecial2" id="special2"> last </div>

AngularJS works a little wrong. To send the parameters as you want, you need to turn them in. {params : {formula: input_value}}♪ It should be:self.calculate = function (event) { var input_value = event.currentTarget.value; console.log(input_value); $http.get('base/calc_logic.php?t=1', {params : {formula: input_value}}) .success(function (data) { console.log('success'); console.log('data:', data); }); };

Drop the default margin inline-block of elements, e.g. CSS margin-right: 4px.material-button { display: inline-block; margin-right: 4px; } Upd. For certainty, the margin could be further reduced by comment<a class="material-button"></a><!-- --><a class="material-button"></a>

The qwerty shall not be released as the variable is not defined in the scope, in the code below it is defined in the link function and removed.someAttr in the function link is nowhere to be determined, so it's a mistake ReferenceError: someAttr is not definedI hope the comments in the code will make it clear what going on in the directive.angular.module('helloHabrahabr', []) .directive('habraHabr', function() { return { template:"{{some}}-{{qwerty}}", //тут выводятся значения из scope scope:{ some:'@someAttr' //тут передача значения some-attr в scope.some }, link: function (scope, element, attrs) { var qwerty = attrs.someAttr; //получение значения из some-attr //scope.some = attrs.someAttr; //можно закомментировать some:'@someAttr' в scope и раскомментировать это scope.qwerty = 10; //qwerty теперь равно 10 console.log('qwerty', qwerty); console.log('someAttr', someAttr);// someAttr is not defined он нигде не определен в этой функции link } } });</code></pre><pre class="snippet-code-html lang-html prettyprint-override"><code>&lt;script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.2.23/angular.min.js"&gt;&lt;/script&gt; <div ng-app="helloHabrahabr"> <span habra-habr="hello" some-attr="Hello Habr!"></span> </div>Also read https://docs.angularjs.org/guide/directive on directives

You can go another way. ng-model will keep the entire object chosen and don't need to be transferred to refreshing.Witch:<div ng-controller='myController'> <select name="region" id="region_of_birth" class="form-control" ng-options="item as item.Name for item in regionsList" ng-model="model.BornRegion" ng-change="refreshBornDistricts()"> <option></option> </select> {{ model.BornRegion }} </div> Controller:$scope.refreshBornDistricts = function () { console.log($scope.model.BornRegion); };

When I did something like that, when I changed the search form in the hat, I added a parameter to the urn. ?search=[строка поиска]In the counterpart of articles, check the value of the search parameter at first load and sign for changes$rootScope.$on( "$locationChangeSuccess", function(event, next, current) { // get articles }) So you'll have a direct reference to a search request, which might be convenient.

In fact, if not a small app, it's possible for smart-tv or similar, it's easier than naivela.Okay, now everyone's obsessed with ReactJS, and with nodejs react, they're talking to you with the possibility of one api back/front.The angull is, like, losing its meaning to modern projects.And now we're on the collection.If you're inclined to asynchronic, node + react already if you're willing (for your api) and so the whole bec can be packed with node modules, and it'll all work well.The bases are harder. If small amounts of data are *sql!If many chaotic and not structurally managed data (not relevant), mongoIf a more serious annex, the separation of data, partly from mongo, partly sql.So, to understand what you need, you need to understand the specific tasks of the application, its direction and architecture.

Judging by mistake, you don't have an Englishular.bower install angular -S

I've already decided that the words for each letter should be small, not the Big or even without any sign.post-summary - it's not a word, it's a element because the JS specifically finds a word in which there is a sign and a big letter (e.g.: postSummaryand accepts the request.It is therefore appropriate to make: postsummary - That's right!

Don't be embarrassed to connect jquery.still. http://%3Cscript%20src=%22https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js%22%3E%3C/script%3E I'll get you on it. http://momentjs.com/

barColor: '{{app.color.accent}}', percent: {{minutes5}} There's probably no need for figures.

A directive could be established to keep templates for all types to which deposits with the type to be determined. About:function ngContent($compile) { return { restrict: 'E', scope: { data: "=" }, replace: true, link: (scope, element, attrs) => { var templates = { 'image_horizontal' : "&lt;div&gt;&lt;span&gt;template1 {{data.name}}&lt;/span&gt;&lt;/div&gt;", 'image_vertical' : "&lt;div&gt;&lt;span&gt;template2 {{data.name}}&lt;/span&gt;&lt;/div&gt;"), 'gallery_fullscreen' : "&lt;div&gt;&lt;span&gt;template3 {{data.name}}&lt;/span&gt;&lt;/div&gt;"), }; // Сервис $compile представляет функцию, генерирующую контент из фрагментов html element.html($compile(templates[scope.data.type])(scope)); } } } And call the directive:<ng-ontent data="tab"></ng-ontent>