axios 0.31.1 → 0.33.0

package/dist/esm/axios.js

@@ -1,4 +1,4 @@
-// axios v0.31.1 Copyright (c) 2026 Matt Zabriskie
+// axios v0.33.0 Copyright (c) 2026 Matt Zabriskie
 var bind = function bind(fn, thisArg) {
   return function wrap() {
     return fn.apply(thisArg, arguments);
@@ -52,8 +52,14 @@ function isUndefined(val) {
  * @returns {boolean} True if value is a Buffer, otherwise false
  */
 function isBuffer(val) {
-  return val !== null && !isUndefined(val) && val.constructor !== null && !isUndefined(val.constructor)
-    && typeof val.constructor.isBuffer === 'function' && val.constructor.isBuffer(val);
+  return (
+    val !== null &&
+    !isUndefined(val) &&
+    val.constructor !== null &&
+    !isUndefined(val.constructor) &&
+    typeof val.constructor.isBuffer === 'function' &&
+    val.constructor.isBuffer(val)
+  );
 }
 
 /**
@@ -65,7 +71,6 @@ function isBuffer(val) {
  */
 var isArrayBuffer = kindOfTest('ArrayBuffer');
 
-
 /**
  * Determine if a value is a view on an ArrayBuffer
  *
@@ -74,10 +79,10 @@ var isArrayBuffer = kindOfTest('ArrayBuffer');
  */
 function isArrayBufferView(val) {
   var result;
-  if ((typeof ArrayBuffer !== 'undefined') && (ArrayBuffer.isView)) {
+  if (typeof ArrayBuffer !== 'undefined' && ArrayBuffer.isView) {
     result = ArrayBuffer.isView(val);
   } else {
-    result = (val) && (val.buffer) && (isArrayBuffer(val.buffer));
+    result = val && val.buffer && isArrayBuffer(val.buffer);
   }
   return result;
 }
@@ -214,12 +219,14 @@ function isFormData(thing) {
   // Reject non-objects (strings, numbers, booleans) up front — Object.getPrototypeOf
   // throws a TypeError on primitives in ES5 environments.
   if (!isObject(thing)) return false;
-  // Reject plain objects inheriting directly from Object.prototype so prototype-pollution gadgets can't spoof FormData (GHSA-6chq-wfr3-2hj9).
+  // Reject plain objects inheriting directly from Object.prototype so prototype-pollution gadgets can't spoof FormData.
   var proto = Object.getPrototypeOf(thing);
   if (!proto || proto === Object.prototype) return false;
   if (!isFunction(thing.append)) return false;
-  return toString.call(thing) === pattern ||
-    (isFunction(thing.toString) && thing.toString() === pattern);
+  return (
+    toString.call(thing) === pattern ||
+    (isFunction(thing.toString) && thing.toString() === pattern)
+  );
 }
 
 /**
@@ -237,7 +244,9 @@ var isURLSearchParams = kindOfTest('URLSearchParams');
  * @returns {String} The String freed of excess whitespace
  */
 function trim(str) {
-  return str.trim ? str.trim() : str.replace(/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g, '');
+  return str.trim
+    ? str.trim()
+    : str.replace(/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g, '');
 }
 
 /**
@@ -257,10 +266,11 @@ function trim(str) {
  */
 function isStandardBrowserEnv() {
   var product;
-  if (typeof navigator !== 'undefined' && (
-    (product = navigator.product) === 'ReactNative' ||
-    product === 'NativeScript' ||
-    product === 'NS')
+  if (
+    typeof navigator !== 'undefined' &&
+    ((product = navigator.product) === 'ReactNative' ||
+      product === 'NativeScript' ||
+      product === 'NS')
   ) {
     return false;
   }
@@ -325,14 +335,20 @@ function forEach(obj, fn) {
  * @returns {Object} Result of all merge properties
  */
 function merge(/* obj1, obj2, obj3, ... */) {
-  var result = {};
+  var result = Object.create(null);
   function assignValue(val, key) {
+    var target;
+
     if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
       return;
     }
 
-    if (isPlainObject(result[key]) && isPlainObject(val)) {
-      result[key] = merge(result[key], val);
+    target = Object.prototype.hasOwnProperty.call(result, key)
+      ? result[key]
+      : undefined;
+
+    if (isPlainObject(target) && isPlainObject(val)) {
+      result[key] = merge(target, val);
     } else if (isPlainObject(val)) {
       result[key] = merge({}, val);
     } else if (isArray(val)) {
@@ -374,7 +390,7 @@ function extend(a, b, thisArg) {
  * @return {string} content value without BOM
  */
 function stripBOM(content) {
-  if (content.charCodeAt(0) === 0xFEFF) {
+  if (content.charCodeAt(0) === 0xfeff) {
     content = content.slice(1);
   }
   return content;
@@ -389,7 +405,10 @@ function stripBOM(content) {
  */
 
 function inherits(constructor, superConstructor, props, descriptors) {
-  constructor.prototype = Object.create(superConstructor.prototype, descriptors);
+  constructor.prototype = Object.create(
+    superConstructor.prototype,
+    descriptors
+  );
   constructor.prototype.constructor = constructor;
   props && Object.assign(constructor.prototype, props);
 }
@@ -418,13 +437,20 @@ function toFlatObject(sourceObj, destObj, filter, propFilter) {
     i = props.length;
     while (i-- > 0) {
       prop = props[i];
-      if ((!propFilter || propFilter(prop, sourceObj, destObj)) && !merged[prop]) {
+      if (
+        (!propFilter || propFilter(prop, sourceObj, destObj)) &&
+        !merged[prop]
+      ) {
         destObj[prop] = sourceObj[prop];
         merged[prop] = true;
       }
     }
     sourceObj = filter !== false && Object.getPrototypeOf(sourceObj);
-  } while (sourceObj && (!filter || filter(sourceObj, destObj)) && sourceObj !== Object.prototype);
+  } while (
+    sourceObj &&
+    (!filter || filter(sourceObj, destObj)) &&
+    sourceObj !== Object.prototype
+  );
 
   return destObj;
 }
@@ -446,7 +472,6 @@ function endsWith(str, searchString, position) {
   return lastIndex !== -1 && lastIndex === position;
 }
 
-
 /**
  * Returns new array from array like object or null if failed
  * @param {*} [thing]
@@ -542,6 +567,82 @@ var utils = {
   hasOwnProperty: hasOwnProperty
 };
 
+var defaultRedactKeys = ['authorization', 'proxy-authorization', 'cookie', 'set-cookie', 'x-api-key', 'password'];
+
+var REDACTED_VALUE = '[REDACTED ****]';
+
+function makeValueDescriptor(value) {
+  var descriptor = Object.create(null);
+  descriptor.value = value;
+  return descriptor;
+}
+
+function getRedactKeys(config) {
+  // An empty array is treated as "no override" so an upstream `redact: []` cannot
+  // silently disable redaction. To opt out, pass non-string values or unset keys.
+  var override = config && utils.isArray(config.redact) && config.redact.length ? config.redact : null;
+  var redact = override || defaultRedactKeys;
+  var keys = {};
+
+  utils.forEach(redact, function eachRedactKey(key) {
+    if (typeof key === 'string') {
+      keys[key.toLowerCase()] = true;
+    }
+  });
+
+  return keys;
+}
+
+function shouldRedact(key, keys) {
+  return typeof key === 'string' && keys[key.toLowerCase()];
+}
+
+var CIRCULAR_VALUE = '[Circular]';
+
+function serializeConfigValue(value, keys, key, seen) {
+  var result;
+
+  if (shouldRedact(key, keys)) {
+    return REDACTED_VALUE;
+  }
+
+  if (utils.isArray(value)) {
+    if (seen.indexOf(value) !== -1) {
+      return CIRCULAR_VALUE;
+    }
+    seen.push(value);
+    result = [];
+    utils.forEach(value, function eachArrayValue(item, index) {
+      result[index] = serializeConfigValue(item, keys, index, seen);
+    });
+    seen.pop();
+    return result;
+  }
+
+  if (utils.isPlainObject(value)) {
+    if (seen.indexOf(value) !== -1) {
+      return CIRCULAR_VALUE;
+    }
+    seen.push(value);
+    result = {};
+    utils.forEach(value, function eachObjectValue(item, itemKey) {
+      result[itemKey] = serializeConfigValue(item, keys, itemKey, seen);
+    });
+    seen.pop();
+    return result;
+  }
+
+  return value;
+}
+
+function serializeConfig(config) {
+  if (!config) {
+    return config;
+  }
+
+  return serializeConfigValue(config, getRedactKeys(config), undefined, []);
+}
+
 /**
  * Create an Error with the specified message, config, error code, request and response.
  *
@@ -584,7 +685,7 @@ utils.inherits(AxiosError, Error, {
       columnNumber: this.columnNumber,
       stack: this.stack,
       // Axios
-      config: this.config,
+      config: serializeConfig(this.config),
       code: this.code,
       status: this.response && this.response.status ? this.response.status : null
     };
@@ -592,7 +693,7 @@ utils.inherits(AxiosError, Error, {
 });
 
 var prototype$1 = AxiosError.prototype;
-var descriptors = {};
+var descriptors = Object.create(null);
 
 [
   'ERR_BAD_OPTION_VALUE',
@@ -610,11 +711,11 @@ var descriptors = {};
   'ERR_FORM_DATA_DEPTH_EXCEEDED'
 // eslint-disable-next-line func-names
 ].forEach(function(code) {
-  descriptors[code] = {value: code};
+  descriptors[code] = makeValueDescriptor(code);
 });
 
 Object.defineProperties(AxiosError, descriptors);
-Object.defineProperty(prototype$1, 'isAxiosError', {value: true});
+Object.defineProperty(prototype$1, 'isAxiosError', makeValueDescriptor(true));
 
 // eslint-disable-next-line func-names
 AxiosError.from = function(error, code, config, request, response, customProps) {
@@ -733,6 +834,29 @@ function toFormData(obj, formData, options) {
     return value;
   }
 
+  var stack = [];
+
+  function assertValueDepth(value, depth) {
+    if (depth > maxDepth) {
+      throw new AxiosError_1(
+        'Maximum object depth of ' + maxDepth + ' exceeded (got ' + depth + ' levels)',
+        AxiosError_1.ERR_FORM_DATA_DEPTH_EXCEEDED
+      );
+    }
+
+    if (!utils.isObject(value) || stack.indexOf(value) !== -1) {
+      return;
+    }
+
+    stack.push(value);
+
+    utils.forEach(value, function each(el) {
+      assertValueDepth(el, depth + 1);
+    });
+
+    stack.pop();
+  }
+
   /**
    *
    * @param {*} value
@@ -748,6 +872,7 @@ function toFormData(obj, formData, options) {
       if (utils.endsWith(key, '{}')) {
         // eslint-disable-next-line no-param-reassign
         key = metaTokens ? key : key.slice(0, -2);
+        assertValueDepth(value, 1);
         // eslint-disable-next-line no-param-reassign
         value = JSON.stringify(value);
       } else if (
@@ -777,8 +902,6 @@ function toFormData(obj, formData, options) {
     return false;
   }
 
-  var stack = [];
-
   var exposedHelpers = Object.assign(predicates, {
     defaultVisitor: defaultVisitor,
     convertValue: convertValue,
@@ -829,7 +952,7 @@ function toFormData(obj, formData, options) {
 var toFormData_1 = toFormData;
 
 function encode$1(str) {
-  // Do not map `%00` back to a raw null byte (GHSA-xhjh-pmcv-23jw): that reversed
+  // Do not map `%00` back to a raw null byte: that reversed
   // the safe percent-encoding from encodeURIComponent and enabled null byte injection.
   var charMap = {
     '!': '%21',
@@ -839,9 +962,12 @@ function encode$1(str) {
     '~': '%7E',
     '%20': '+'
   };
-  return encodeURIComponent(str).replace(/[!'\(\)~]|%20/g, function replacer(match) {
-    return charMap[match];
-  });
+  return encodeURIComponent(str).replace(
+    /[!'\(\)~]|%20/g,
+    function replacer(match) {
+      return charMap[match];
+    }
+  );
 }
 
 function AxiosURLSearchParams(params, options) {
@@ -857,13 +983,17 @@ prototype.append = function append(name, value) {
 };
 
 prototype.toString = function toString(encoder) {
-  var _encode = encoder ? function(value) {
-    return encoder.call(this, value, encode$1);
-  } : encode$1;
+  var _encode = encoder
+    ? function(value) {
+      return encoder.call(this, value, encode$1);
+    }
+    : encode$1;
 
-  return this._pairs.map(function each(pair) {
-    return _encode(pair[0]) + '=' + _encode(pair[1]);
-  }, '').join('&');
+  return this._pairs
+    .map(function each(pair) {
+      return _encode(pair[0]) + '=' + _encode(pair[1]);
+    }, '')
+    .join('&');
 };
 
 var AxiosURLSearchParams_1 = AxiosURLSearchParams;
@@ -898,9 +1028,17 @@ var buildURL = function buildURL(url, params, options) {
     url = url.slice(0, hashmarkIndex);
   }
 
-  var _encode = options && options.encode || encode;
+  var _encode = encode;
+  var serializeFn;
 
-  var serializeFn = options && options.serialize;
+  if (options) {
+    if (utils.isFunction(options)) {
+      serializeFn = options;
+    } else {
+      _encode = utils.hasOwnProperty(options, 'encode') && options.encode || encode;
+      serializeFn = utils.hasOwnProperty(options, 'serialize') ? options.serialize : undefined;
+    }
+  }
 
   var serializedParams;
 
@@ -1023,6 +1161,19 @@ var toURLEncodedForm = function toURLEncodedForm(data, options) {
   }, options));
 };
 
+var MAX_FORM_DATA_TO_JSON_DEPTH = 100;
+
+function assertPathDepth(path) {
+  var depth = path.length - 1;
+
+  if (depth > MAX_FORM_DATA_TO_JSON_DEPTH) {
+    throw new AxiosError_1(
+      'Maximum object depth of ' + MAX_FORM_DATA_TO_JSON_DEPTH + ' exceeded (got ' + depth + ' levels)',
+      AxiosError_1.ERR_FORM_DATA_DEPTH_EXCEEDED
+    );
+  }
+}
+
 function parsePropPath(name) {
   // foo[x][y][z]
   // foo.x.y.z
@@ -1083,7 +1234,10 @@ function formDataToJSON(formData) {
     var obj = {};
 
     utils.forEachEntry(formData, function(name, value) {
-      buildPath(parsePropPath(name), value, obj, 0);
+      var path = parsePropPath(name);
+
+      assertPathDepth(path);
+      buildPath(path, value, obj, 0);
     });
 
     return obj;
@@ -1146,8 +1300,21 @@ var cookies = (
         },
 
         read: function read(name) {
-          var match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
-          return (match ? decodeURIComponent(match[3]) : null);
+          var nameEQ = name + '=';
+          var cookies = document.cookie.split(';');
+          var cookie;
+
+          for (var i = 0; i < cookies.length; i++) {
+            cookie = cookies[i];
+            while (cookie.charAt(0) === ' ') {
+              cookie = cookie.substring(1);
+            }
+            if (cookie.indexOf(nameEQ) === 0) {
+              return decodeURIComponent(cookie.substring(nameEQ.length));
+            }
+          }
+
+          return null;
         },
 
         remove: function remove(name) {
@@ -1356,8 +1523,10 @@ var xhr = function xhrAdapter(config) {
     var requestData = config.data;
     var requestHeaders = config.headers;
     var responseType = config.responseType;
-    // Guard against prototype pollution (GHSA-xx6v-rp6x-q39c): only honor own properties.
-    var withXSRFToken = utils.hasOwnProperty(config, 'withXSRFToken') ? config.withXSRFToken : undefined;
+    // Guard against prototype pollution: only honor own properties.
+    var withXSRFToken = utils.hasOwnProperty(config, 'withXSRFToken')
+      ? config.withXSRFToken
+      : undefined;
     var onCanceled;
     function done() {
       if (config.cancelToken) {
@@ -1376,15 +1545,30 @@ var xhr = function xhrAdapter(config) {
     var request = new XMLHttpRequest();
 
     // HTTP basic authentication
-    if (config.auth) {
-      var username = config.auth.username || '';
-      var password = config.auth.password ? unescape(encodeURIComponent(config.auth.password)) : '';
+    var configAuth = utils.hasOwnProperty(config, 'auth') ? config.auth : undefined;
+    if (configAuth) {
+      var username = utils.hasOwnProperty(configAuth, 'username') ? configAuth.username || '' : '';
+      var password = utils.hasOwnProperty(configAuth, 'password') && configAuth.password
+        ? unescape(encodeURIComponent(configAuth.password))
+        : '';
       requestHeaders.Authorization = 'Basic ' + btoa(username + ':' + password);
     }
 
-    var fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
+    var fullPath = buildFullPath(
+      config.baseURL,
+      config.url,
+      config.allowAbsoluteUrls
+    );
 
-    request.open(config.method.toUpperCase(), buildURL(fullPath, config.params, config.paramsSerializer), true);
+    request.open(
+      config.method.toUpperCase(),
+      buildURL(
+        fullPath,
+        config.params,
+        utils.hasOwnProperty(config, 'paramsSerializer') ? config.paramsSerializer : undefined
+      ),
+      true
+    );
 
     // Set the request timeout in MS
     request.timeout = config.timeout;
@@ -1394,9 +1578,14 @@ var xhr = function xhrAdapter(config) {
         return;
       }
       // Prepare the response
-      var responseHeaders = 'getAllResponseHeaders' in request ? parseHeaders(request.getAllResponseHeaders()) : null;
-      var responseData = !responseType || responseType === 'text' ||  responseType === 'json' ?
-        request.responseText : request.response;
+      var responseHeaders =
+        'getAllResponseHeaders' in request
+          ? parseHeaders(request.getAllResponseHeaders())
+          : null;
+      var responseData =
+        !responseType || responseType === 'text' || responseType === 'json'
+          ? request.responseText
+          : request.response;
       var response = {
         data: responseData,
         status: request.status,
@@ -1406,13 +1595,17 @@ var xhr = function xhrAdapter(config) {
         request: request
       };
 
-      settle(function _resolve(value) {
-        resolve(value);
-        done();
-      }, function _reject(err) {
-        reject(err);
-        done();
-      }, response);
+      settle(
+        function _resolve(value) {
+          resolve(value);
+          done();
+        },
+        function _reject(err) {
+          reject(err);
+          done();
+        },
+        response
+      );
 
       // Clean up request
       request = null;
@@ -1432,7 +1625,10 @@ var xhr = function xhrAdapter(config) {
         // handled by onerror instead
         // With one exception: request that using file: protocol, most browsers
         // will return status as 0 even though it's a successful request
-        if (request.status === 0 && !(request.responseURL && request.responseURL.indexOf('file:') === 0)) {
+        if (
+          request.status === 0 &&
+          !(request.responseURL && request.responseURL.indexOf('file:') === 0)
+        ) {
           return;
         }
         // readystate handler is calling before onerror or ontimeout handlers,
@@ -1447,7 +1643,14 @@ var xhr = function xhrAdapter(config) {
         return;
       }
 
-      reject(new AxiosError_1('Request aborted', AxiosError_1.ECONNABORTED, config, request));
+      reject(
+        new AxiosError_1(
+          'Request aborted',
+          AxiosError_1.ECONNABORTED,
+          config,
+          request
+        )
+      );
 
       // Clean up request
       request = null;
@@ -1457,7 +1660,14 @@ var xhr = function xhrAdapter(config) {
     request.onerror = function handleError() {
       // Real errors are hidden from us by the browser
       // onerror should only fire if it's a network error
-      reject(new AxiosError_1('Network Error', AxiosError_1.ERR_NETWORK, config, request));
+      reject(
+        new AxiosError_1(
+          'Network Error',
+          AxiosError_1.ERR_NETWORK,
+          config,
+          request
+        )
+      );
 
       // Clean up request
       request = null;
@@ -1465,16 +1675,23 @@ var xhr = function xhrAdapter(config) {
 
     // Handle timeout
     request.ontimeout = function handleTimeout() {
-      var timeoutErrorMessage = config.timeout ? 'timeout of ' + config.timeout + 'ms exceeded' : 'timeout exceeded';
+      var timeoutErrorMessage = config.timeout
+        ? 'timeout of ' + config.timeout + 'ms exceeded'
+        : 'timeout exceeded';
       var transitional$1 = config.transitional || transitional;
       if (config.timeoutErrorMessage) {
         timeoutErrorMessage = config.timeoutErrorMessage;
       }
-      reject(new AxiosError_1(
-        timeoutErrorMessage,
-        transitional$1.clarifyTimeoutError ? AxiosError_1.ETIMEDOUT : AxiosError_1.ECONNABORTED,
-        config,
-        request));
+      reject(
+        new AxiosError_1(
+          timeoutErrorMessage,
+          transitional$1.clarifyTimeoutError
+            ? AxiosError_1.ETIMEDOUT
+            : AxiosError_1.ECONNABORTED,
+          config,
+          request
+        )
+      );
 
       // Clean up request
       request = null;
@@ -1488,10 +1705,16 @@ var xhr = function xhrAdapter(config) {
       if (utils.isFunction(withXSRFToken)) {
         withXSRFToken = withXSRFToken(config);
       }
-      // Strict boolean check (GHSA-xx6v-rp6x-q39c): only `true` short-circuits the same-origin guard.
-      if (withXSRFToken === true || (withXSRFToken !== false && isURLSameOrigin(fullPath))) {
+      // Strict boolean check: only `true` short-circuits the same-origin guard.
+      if (
+        withXSRFToken === true ||
+        (withXSRFToken !== false && isURLSameOrigin(fullPath))
+      ) {
         // Add xsrf header
-        var xsrfValue = config.xsrfHeaderName && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
+        var xsrfValue =
+          config.xsrfHeaderName &&
+          config.xsrfCookieName &&
+          cookies.read(config.xsrfCookieName);
         if (xsrfValue) {
           requestHeaders[config.xsrfHeaderName] = xsrfValue;
         }
@@ -1501,7 +1724,10 @@ var xhr = function xhrAdapter(config) {
     // Add headers to the request
     if ('setRequestHeader' in request) {
       utils.forEach(requestHeaders, function setRequestHeader(val, key) {
-        if (typeof requestData === 'undefined' && key.toLowerCase() === 'content-type') {
+        if (
+          typeof requestData === 'undefined' &&
+          key.toLowerCase() === 'content-type'
+        ) {
           // Remove Content-Type if data is undefined
           delete requestHeaders[key];
         } else {
@@ -1538,30 +1764,46 @@ var xhr = function xhrAdapter(config) {
         if (!request) {
           return;
         }
-        reject(!cancel || cancel.type ? new CanceledError_1(null, config, request) : cancel);
+        reject(
+          !cancel || cancel.type
+            ? new CanceledError_1(null, config, request)
+            : cancel
+        );
         request.abort();
         request = null;
       };
 
       config.cancelToken && config.cancelToken.subscribe(onCanceled);
       if (config.signal) {
-        config.signal.aborted ? onCanceled() : config.signal.addEventListener('abort', onCanceled);
+        config.signal.aborted
+          ? onCanceled()
+          : config.signal.addEventListener('abort', onCanceled);
       }
     }
 
     // false, 0 (zero number), and '' (empty string) are valid JSON values
-    if (!requestData && requestData !== false && requestData !== 0 && requestData !== '') {
+    if (
+      !requestData &&
+      requestData !== false &&
+      requestData !== 0 &&
+      requestData !== ''
+    ) {
       requestData = null;
     }
 
     var protocol = parseProtocol(fullPath);
 
     if (protocol && platform.protocols.indexOf(protocol) === -1) {
-      reject(new AxiosError_1('Unsupported protocol ' + protocol + ':', AxiosError_1.ERR_BAD_REQUEST, config));
+      reject(
+        new AxiosError_1(
+          'Unsupported protocol ' + protocol + ':',
+          AxiosError_1.ERR_BAD_REQUEST,
+          config
+        )
+      );
       return;
     }
 
-
     // Send the request
     request.send(requestData);
   });
@@ -1709,6 +1951,8 @@ var defaults = {
   maxContentLength: -1,
   maxBodyLength: -1,
 
+  redact: defaultRedactKeys.slice(),
+
   env: {
     FormData: platform.classes.FormData,
     Blob: platform.classes.Blob
@@ -1815,11 +2059,16 @@ var dispatchRequest = function dispatchRequest(config) {
   normalizeHeaderName(config.headers, 'Content-Type');
 
   // Flatten headers
-  config.headers = utils.merge(
-    config.headers.common || {},
-    config.headers[config.method] || {},
-    config.headers
-  );
+  var commonHeaders = utils.hasOwnProperty(config.headers, 'common') && config.headers.common
+    ? config.headers.common
+    : {};
+  var methodHeaders = config.method &&
+    utils.hasOwnProperty(config.headers, config.method) &&
+    config.headers[config.method]
+    ? config.headers[config.method]
+    : {};
+
+  config.headers = utils.merge(commonHeaders, methodHeaders, config.headers);
 
   utils.forEach(
     ['delete', 'get', 'head', 'post', 'put', 'patch', 'common'],
@@ -1964,6 +2213,7 @@ var mergeConfig = function mergeConfig(config1, config2) {
     'httpsAgent': defaultToConfig2,
     'cancelToken': defaultToConfig2,
     'socketPath': defaultToConfig2,
+    'allowedSocketPaths': defaultToConfig2,
     'responseEncoding': defaultToConfig2,
     'validateStatus': mergeDirectKeys
   };
@@ -1981,7 +2231,7 @@ var mergeConfig = function mergeConfig(config1, config2) {
 };
 
 var data = {
-  "version": "0.31.1"
+  "version": "0.33.0"
 };
 
 var VERSION = data.version;
@@ -2205,10 +2455,12 @@ Axios.prototype.getUri = function getUri(config) {
 utils.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNoData(method) {
   /*eslint func-names:0*/
   Axios.prototype[method] = function(url, config) {
-    return this.request(mergeConfig(config || {}, {
+    var requestConfig = config || {};
+
+    return this.request(mergeConfig(requestConfig, {
       method: method,
       url: url,
-      data: (config || {}).data
+      data: utils.hasOwnProperty(requestConfig, 'data') ? requestConfig.data : undefined
     }));
   };
 });