An HTTP interceptor is used to modify HTTP requests. When an interceptor is installed, an intercepting service is present before the request is sent to the backend; it can be used to customize the headers of the HTTP request and to perform functions that enhance the security of the system.
HTTP REQUEST AND HANDLER
Whenever an interceptor is called, it is placed between the application and the backend of the system. The interceptor can catch the request and analyze it before sending it to the server, which allows an Angular HTTP request to be transformed. It is very easy to create an interceptor in Angular: an injectable service that implements HttpInterceptor can be created, in which the logic for rejecting or passing the request is coded. The intercept method takes multiple arguments, of which the HttpRequest and the HttpHandler are the two most important. The HttpRequest is immutable, so it cannot be modified, while the handler can intercept and detect chains of similar requests in order to flag them for future misuse.
The Angular interceptor can be deployed in a number of ways to enhance the security of an Angular application.
Using Angular's interceptor services, we can set our own values in the HTTP header. By adding conditions on the HTTP header, the interceptor can reject multiple malicious responses, effectively improving the overall security of the responses the application handles. Some practices for using the Angular interceptor follow.
Adding a content type check in the interceptor can be useful for filtering out multiple different types of malicious response. For instance, a server has to send a JSON response to the client, but a man-in-the-middle on the connection modifies the response and adds a malicious .dll file to it. If an interceptor is placed on the client side, the response is rejected; in the absence of an interceptor, the .dll would pass and affect the client.
An authorization token can also be added to the header by an Angular interceptor. The JSON Web Token (JWT) is a technique used by multiple applications: the interceptor modifies the header to add the JWT, so that once a user has logged in to the system and then requests a resource, he can access the resource; otherwise his request is rejected. This practice modifies the request so that only authorized users can access sensitive information.
The best practice of using the Angular interceptor is that we can manipulate the URL of the web server with ease using the req.url.replace function. In many cases the website is running on the http protocol; we can clone the request, replace http with https, and then forward the request to the server.
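The three practices above (content type check, JWT header, http to https rewrite) combined in one interceptor function, as an added example that is not code from the original page. To run without Angular installed it uses simplified stand-ins: `Req`, `Res`, `Next` and `cloneReq` are hypothetical types mirroring the roles of `HttpRequest`, `HttpResponse`, `HttpHandler.handle()` and `HttpRequest.clone()`, and `API_ORIGIN` is a constructed value.

```typescript
// Simplified stand-ins for Angular's HttpRequest / HttpResponse (assumption).
interface Req { readonly url: string; readonly headers: Readonly<Record<string, string>>; }
interface Res { readonly status: number; readonly headers: Readonly<Record<string, string>>; readonly body: string; }
// Plays the role of HttpHandler.handle(): forwards the request down the chain.
type Next = (req: Req) => Res;

// Constructed value: the only origin that should ever receive the user's JWT.
const API_ORIGIN = "https://api.example.test";

// Requests are immutable, so every change produces a frozen copy
// (the same idea as HttpRequest.clone({ url, setHeaders })).
function cloneReq(req: Req, update: { url?: string; setHeaders?: Record<string, string> }): Req {
  return Object.freeze({
    url: update.url !== undefined ? update.url : req.url,
    headers: Object.freeze({ ...req.headers, ...(update.setHeaders || {}) }),
  });
}

function secureIntercept(req: Req, next: Next, token: string | null): Res {
  // 1. Rewrite only a leading "http://" so other parts of the URL are untouched.
  let out = cloneReq(req, { url: req.url.replace(/^http:\/\//i, "https://") });

  // 2. Attach the JWT only when the upgraded URL targets our own API origin,
  //    so the token is never sent along with third-party requests.
  const toApi = out.url === API_ORIGIN || out.url.indexOf(API_ORIGIN + "/") === 0;
  if (token && toApi) {
    out = cloneReq(out, { setHeaders: { Authorization: "Bearer " + token } });
  }

  const res = next(out);

  // 3. Accept only JSON responses; ignore parameters such as "; charset=utf-8".
  const ctype = (res.headers["content-type"] || "").replace(/;.*$/, "").trim().toLowerCase();
  if (ctype !== "application/json") {
    throw new Error("Rejected response with Content-Type: " + (ctype || "(none)"));
  }
  return res;
}
```

The content type check relies on the header the response carries, so the integrity of the response in transit still comes from the HTTPS connection set up in step 1.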