Maybe you could intercept the response, parse the headers and set the token manually.
Something like this:
module.factory('xsrfTokenInterceptor', function ($q, $http) {
return {
'response': function (response) {
var cookies = response.headers("Set-Cookie");
var token = someCrazyParsing(cookies);
$http.defaults.headers.common["X-CSRFToken"]=token;
return response || $q.when(response);
}
};
});
module.config(function($httpProvider){
$httpProvider.interceptors.push('xsrfTokenInterceptor')
})
EDIT NEW APPROACH
Maybe something like this?
module.factory('LoginService', function ($q, $http) {
var login = function (email, password) {
var defered = $q.defer();
$http.post('http://127.0.0.1:8000/api/user/login/', {
'email': email,
'password': password
}).success(function (data, status, headers, config) {
var cookies = headers("Set-Cookie");
var token = someCrazyParsing(cookies); //<-- Your magic here
$http.defaults.headers.common["X-CSRFToken"] = token;
defered.resolve(data);
}).error(function (data, status, headers, config) {
defered.reject(data);
});
return defered.promise;
};
return {
login: login
};
});
module.controller("LoginCtrl", function ($scope, LoginService, Cart) {
$scope.submit = function () {
LoginService.login($scope.email, $scope.password).then(function (data) {
Cart.getCart(function (data) {});
});
};
});