You can change the default header through the $http object during runtime instead of the $httpProvider. For example you can do the following outside of a config block:
$http.defaults.headers.post['XSRF-AUTH'] = "access token";
Check out the $http api docs for more details http://docs.angularjs.org/api/ng/service/$http#setting-http-headers.