@nmshd/transport 2.1.3 → 2.1.4

package/dist/buildInformation.js

@@ -4,11 +4,11 @@ exports.buildInformation = void 0;
 const ts_serval_1 = require("@js-soft/ts-serval");
 const crypto_1 = require("@nmshd/crypto");
 exports.buildInformation = {
-    version: "2.1.3",
-    build: "62",
-    date: "2023-11-13T12:38:14+00:00",
-    commit: "c24f8b1360b20847ca808d5bae2ed63654d126c6",
-    dependencies: {"@js-soft/docdb-access-abstractions":"1.0.1","@js-soft/logging-abstractions":"1.0.0","@js-soft/simple-logger":"1.0.3","@js-soft/ts-utils":"2.3.1","axios":"^1.6.1","fast-json-patch":"^3.1.1","form-data":"^4.0.0","json-stringify-safe":"^5.0.1","lodash":"^4.17.21","luxon":"^3.4.4","qs":"^6.11.2","reflect-metadata":"^0.1.13","ts-simple-nameof":"^1.3.1","uuid":"^9.0.1"},
+    version: "2.1.4",
+    build: "63",
+    date: "2023-11-17T14:40:52+00:00",
+    commit: "09eb88033395f248a6df1c4b89ab9dc1c8c2c59b",
+    dependencies: {"@js-soft/docdb-access-abstractions":"1.0.2","@js-soft/logging-abstractions":"1.0.1","@js-soft/simple-logger":"1.0.4","@js-soft/ts-utils":"2.3.3","axios":"^1.6.2","fast-json-patch":"^3.1.1","form-data":"^4.0.0","json-stringify-safe":"^5.0.1","lodash":"^4.17.21","luxon":"^3.4.4","qs":"^6.11.2","reflect-metadata":"^0.1.13","ts-simple-nameof":"^1.3.1","uuid":"^9.0.1"},
     libraries: {
         crypto: crypto_1.buildInformation,
         serval: ts_serval_1.buildInformation

package/lib-web/nmshd.transport.js

@@ -15,11 +15,11 @@ exports.buildInformation = void 0;
 const ts_serval_1 = __webpack_require__(/*! @js-soft/ts-serval */ "@js-soft/ts-serval");
 const crypto_1 = __webpack_require__(/*! @nmshd/crypto */ "@nmshd/crypto");
 exports.buildInformation = {
-    version: "2.1.3",
-    build: "62",
-    date: "2023-11-13T12:38:14+00:00",
-    commit: "c24f8b1360b20847ca808d5bae2ed63654d126c6",
-    dependencies: {"@js-soft/docdb-access-abstractions":"1.0.1","@js-soft/logging-abstractions":"1.0.0","@js-soft/simple-logger":"1.0.3","@js-soft/ts-utils":"2.3.1","axios":"^1.6.1","fast-json-patch":"^3.1.1","form-data":"^4.0.0","json-stringify-safe":"^5.0.1","lodash":"^4.17.21","luxon":"^3.4.4","qs":"^6.11.2","reflect-metadata":"^0.1.13","ts-simple-nameof":"^1.3.1","uuid":"^9.0.1"},
+    version: "2.1.4",
+    build: "63",
+    date: "2023-11-17T14:40:52+00:00",
+    commit: "09eb88033395f248a6df1c4b89ab9dc1c8c2c59b",
+    dependencies: {"@js-soft/docdb-access-abstractions":"1.0.2","@js-soft/logging-abstractions":"1.0.1","@js-soft/simple-logger":"1.0.4","@js-soft/ts-utils":"2.3.3","axios":"^1.6.2","fast-json-patch":"^3.1.1","form-data":"^4.0.0","json-stringify-safe":"^5.0.1","lodash":"^4.17.21","luxon":"^3.4.4","qs":"^6.11.2","reflect-metadata":"^0.1.13","ts-simple-nameof":"^1.3.1","uuid":"^9.0.1"},
     libraries: {
         crypto: crypto_1.buildInformation,
         serval: ts_serval_1.buildInformation
@@ -45920,7 +45920,7 @@ module.exports = TSServal;
 /***/ ((module, __unused_webpack_exports, __webpack_require__) => {
 
 "use strict";
-// Axios v1.6.1 Copyright (c) 2023 Matt Zabriskie and contributors
+// Axios v1.6.2 Copyright (c) 2023 Matt Zabriskie and contributors
 
 
 function bind(fn, thisArg) {
@@ -47882,51 +47882,42 @@ function settle(resolve, reject, response) {
 
 var cookies = platform.hasStandardBrowserEnv ?
 
-// Standard browser envs support document.cookie
-  (function standardBrowserEnv() {
-    return {
-      write: function write(name, value, expires, path, domain, secure) {
-        const cookie = [];
-        cookie.push(name + '=' + encodeURIComponent(value));
+  // Standard browser envs support document.cookie
+  {
+    write(name, value, expires, path, domain, secure) {
+      const cookie = [name + '=' + encodeURIComponent(value)];
 
-        if (utils$1.isNumber(expires)) {
-          cookie.push('expires=' + new Date(expires).toGMTString());
-        }
+      utils$1.isNumber(expires) && cookie.push('expires=' + new Date(expires).toGMTString());
 
-        if (utils$1.isString(path)) {
-          cookie.push('path=' + path);
-        }
+      utils$1.isString(path) && cookie.push('path=' + path);
 
-        if (utils$1.isString(domain)) {
-          cookie.push('domain=' + domain);
-        }
+      utils$1.isString(domain) && cookie.push('domain=' + domain);
 
-        if (secure === true) {
-          cookie.push('secure');
-        }
+      secure === true && cookie.push('secure');
 
-        document.cookie = cookie.join('; ');
-      },
+      document.cookie = cookie.join('; ');
+    },
 
-      read: function read(name) {
-        const match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
-        return (match ? decodeURIComponent(match[3]) : null);
-      },
+    read(name) {
+      const match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
+      return (match ? decodeURIComponent(match[3]) : null);
+    },
 
-      remove: function remove(name) {
-        this.write(name, '', Date.now() - 86400000);
-      }
-    };
-  })() :
+    remove(name) {
+      this.write(name, '', Date.now() - 86400000);
+    }
+  }
 
-// Non standard browser env (web workers, react-native) lack needed support.
-  (function nonStandardBrowserEnv() {
-    return {
-      write: function write() {},
-      read: function read() { return null; },
-      remove: function remove() {}
-    };
-  })();
+  :
+
+  // Non-standard browser env (web workers, react-native) lack needed support.
+  {
+    write() {},
+    read() {
+      return null;
+    },
+    remove() {}
+  };
 
 /**
  * Determines whether the specified URL is absolute
@@ -47983,7 +47974,7 @@ var isURLSameOrigin = platform.hasStandardBrowserEnv ?
     let originURL;
 
     /**
-    * Parse a URL to discover it's components
+    * Parse a URL to discover its components
     *
     * @param {String} url The URL to be parsed
     * @returns {Object}
@@ -48128,7 +48119,7 @@ var xhrAdapter = isXHRAdapterSupported && function (config) {
   return new Promise(function dispatchXhrRequest(resolve, reject) {
     let requestData = config.data;
     const requestHeaders = AxiosHeaders$1.from(config.headers).normalize();
-    const responseType = config.responseType;
+    let {responseType, withXSRFToken} = config;
     let onCanceled;
     function done() {
       if (config.cancelToken) {
@@ -48264,13 +48255,16 @@ var xhrAdapter = isXHRAdapterSupported && function (config) {
     // Add xsrf header
     // This is only done if running in a standard browser environment.
     // Specifically not if we're in a web worker, or react-native.
-    if (platform.hasStandardBrowserEnv) {
-      // Add xsrf header
-      // regarding CVE-2023-45857 config.withCredentials condition was removed temporarily
-      const xsrfValue = isURLSameOrigin(fullPath) && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
+    if(platform.hasStandardBrowserEnv) {
+      withXSRFToken && utils$1.isFunction(withXSRFToken) && (withXSRFToken = withXSRFToken(config));
+
+      if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(fullPath))) {
+        // Add xsrf header
+        const xsrfValue = config.xsrfHeaderName && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
 
-      if (xsrfValue) {
-        requestHeaders.set(config.xsrfHeaderName, xsrfValue);
+        if (xsrfValue) {
+          requestHeaders.set(config.xsrfHeaderName, xsrfValue);
+        }
       }
     }
 
@@ -48553,6 +48547,7 @@ function mergeConfig(config1, config2) {
     timeout: defaultToConfig2,
     timeoutMessage: defaultToConfig2,
     withCredentials: defaultToConfig2,
+    withXSRFToken: defaultToConfig2,
     adapter: defaultToConfig2,
     responseType: defaultToConfig2,
     xsrfCookieName: defaultToConfig2,
@@ -48582,7 +48577,7 @@ function mergeConfig(config1, config2) {
   return config;
 }
 
-const VERSION = "1.6.1";
+const VERSION = "1.6.2";
 
 const validators$1 = {};