I enabled csrf token in config of Spring security. But how mobile device recieve csrf token? When I had jsp, it looked like:
<input type='hidden' name='${_csrf.parameterName}' value='${_csrf.token}'/>
But now I have no jsp... so any way to send csrf manually?
A popular practice is to code a filter to attach the token as a cookie. Your client then sends a GET request first to fetch that cookie. For the subsequent requests, that cookie is then sent back as a header.
You can look at the official Spring Angular guide, and refer to Spring Lemon's source code for a detailed implementation.