axios 1.17.0 → 1.18.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +84 -1
- package/README.md +155 -22
- package/dist/axios.js +407 -142
- package/dist/axios.min.js +3 -3
- package/dist/axios.min.js.map +1 -1
- package/dist/browser/axios.cjs +422 -115
- package/dist/esm/axios.js +422 -115
- package/dist/esm/axios.min.js +2 -2
- package/dist/esm/axios.min.js.map +1 -1
- package/dist/node/axios.cjs +515 -130
- package/index.d.cts +19 -1
- package/index.d.ts +19 -1
- package/lib/adapters/adapters.js +1 -1
- package/lib/adapters/fetch.js +140 -49
- package/lib/adapters/http.js +215 -54
- package/lib/adapters/xhr.js +1 -0
- package/lib/core/Axios.js +3 -2
- package/lib/core/AxiosError.js +13 -1
- package/lib/core/AxiosHeaders.js +10 -7
- package/lib/core/buildFullPath.js +29 -1
- package/lib/core/mergeConfig.js +35 -0
- package/lib/defaults/transitional.js +1 -0
- package/lib/env/data.js +1 -1
- package/lib/helpers/AxiosURLSearchParams.js +1 -3
- package/lib/helpers/buildURL.js +6 -3
- package/lib/helpers/composeSignals.js +1 -1
- package/lib/helpers/cookies.js +5 -1
- package/lib/helpers/estimateDataURLDecodedBytes.js +16 -11
- package/lib/helpers/formDataToJSON.js +25 -3
- package/lib/helpers/fromDataURI.js +4 -2
- package/lib/helpers/resolveConfig.js +14 -7
- package/lib/helpers/shouldBypassProxy.js +33 -1
- package/lib/helpers/toFormData.js +47 -11
- package/lib/helpers/validator.js +1 -1
- package/lib/utils.js +75 -11
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,88 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## v1.18.0 — June 13, 2026
|
|
4
|
+
|
|
5
|
+
This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.
|
|
6
|
+
|
|
7
|
+
## 🔒 Security Fixes
|
|
8
|
+
|
|
9
|
+
* **Redirect Header Safety:** Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (__#10892__)
|
|
10
|
+
|
|
11
|
+
* **URL And Request Hardening:** Rejects malformed `http:` and `https:` URLs that omit `//` with `ERR_INVALID_URL`, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local `NO_PROXY` matching. (__#11000__)
|
|
12
|
+
|
|
13
|
+
## 🐛 Bug Fixes
|
|
14
|
+
|
|
15
|
+
* **Status Validation:** Added `transitional.validateStatusUndefinedResolves` so applications can opt in to treating `validateStatus: undefined` like the option was omitted, while `validateStatus: null` remains the explicit way to accept every status. (__#10899__)
|
|
16
|
+
|
|
17
|
+
## 🔧 Maintenance & Chores
|
|
18
|
+
|
|
19
|
+
* **Documentation:** Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the `proxy` request config as Node.js-only in the advanced docs. (__#10984__, __#10988__, __#10992__, __#10995__)
|
|
20
|
+
|
|
21
|
+
* **Dependencies:** Bumped `@babel/core`, `@babel/preset-env`, `@commitlint/cli`, `@commitlint/config-conventional`, `@rollup/plugin-babel`, `@rollup/plugin-commonjs`, `@vitest/browser`, `@vitest/browser-playwright`, `eslint`, `lint-staged`, `rollup`, `vitest`, and `actions/checkout`. (__#10989__, __#10996__, __#10997__)
|
|
22
|
+
|
|
23
|
+
* **Release Metadata:** Prepared the 1.18.0 release by updating package metadata and the runtime `VERSION` value. (__#11003__)
|
|
24
|
+
|
|
25
|
+
## 🌟 New Contributors
|
|
26
|
+
|
|
27
|
+
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
|
|
28
|
+
|
|
29
|
+
* __@drori12__ (__#10984__)
|
|
30
|
+
* __@eyupcanakman__ (__#10899__)
|
|
31
|
+
* __@Adi-Beker__ (__#10995__)
|
|
32
|
+
|
|
33
|
+
[Full Changelog](https://github.com/axios/axios/compare/v1.17.0...v1.18.0)
|
|
34
|
+
|
|
35
|
+
## v1.17.0 — June 1, 2026
|
|
36
|
+
|
|
37
|
+
This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.
|
|
38
|
+
|
|
39
|
+
## 🔒 Security Fixes
|
|
40
|
+
|
|
41
|
+
* **Config Hardening:** Guarded `socketPath`, `params`, and `paramsSerializer` reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (__#10901__, __#10922__)
|
|
42
|
+
* **Release Publishing:** Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (__#10926__)
|
|
43
|
+
|
|
44
|
+
## 🚀 New Features
|
|
45
|
+
|
|
46
|
+
* **HTTP Compression:** Added Node HTTP adapter support for zstd response decompression, with `transitional.advertiseZstdAcceptEncoding` controlling whether `zstd` is advertised in `Accept-Encoding`. (__#6792__, __#10920__)
|
|
47
|
+
|
|
48
|
+
## 🐛 Bug Fixes
|
|
49
|
+
|
|
50
|
+
* **Authentication Handling:** Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (__#10929__, __#10896__)
|
|
51
|
+
* **Proxy TLS:** Preserved user `httpsAgent` TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (__#10957__)
|
|
52
|
+
* **React Native FormData:** Cleared default `Content-Type` for React Native `FormData` so multipart boundaries can be generated correctly. (__#10898__)
|
|
53
|
+
* **Headers:** Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (__#10875__)
|
|
54
|
+
* **Request Data Merging:** Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (__#10812__)
|
|
55
|
+
* **Bundler Compatibility:** Converted `resolveConfig` from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (__#10891__)
|
|
56
|
+
* **Types:** Corrected `AxiosHeaders.toJSON()` return types and updated CommonJS `isCancel` typings to narrow to `CanceledError<T>`. (__#10956__, __#10952__)
|
|
57
|
+
* **Build Tooling:** Avoided emitting a null `Authorization` header from the GitHub build helper when `GITHUB_TOKEN` is unset. (__#10931__)
|
|
58
|
+
|
|
59
|
+
## 🔧 Maintenance & Chores
|
|
60
|
+
|
|
61
|
+
* **HTTP/2 Internals:** Extracted `Http2Sessions` into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (__#10861__)
|
|
62
|
+
* **Package Publishing:** Reduced published package size by switching to a `files` allowlist and dropping unneeded unminified bundle source maps. (__#10939__)
|
|
63
|
+
* **CI and Release Automation:** Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (__#10907__, __#10911__, __#10916__, __#10927__, __#10935__, __#10983__)
|
|
64
|
+
* **Developer Workflow:** Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (__#10925__, __#10914__, __#10958__)
|
|
65
|
+
* **Documentation and Policy:** Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (__#10890__, __#10889__, __#10921__, __#10945__, __#10905__, __#10933__, __#10915__, __#10887__, __#10955__)
|
|
66
|
+
* **Dependencies:** Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, `fs-extra`, `qs`, docs dependencies, and GitHub Actions dependencies including `actions/dependency-review-action` and `zizmorcore/zizmor-action`. (__#10871__, __#10879__, __#10918__, __#10919__, __#10934__, __#10947__, __#10954__, __#10960__)
|
|
67
|
+
|
|
68
|
+
## 🌟 New Contributors
|
|
69
|
+
|
|
70
|
+
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
|
|
71
|
+
|
|
72
|
+
* __@BasixKOR__ (__#6792__)
|
|
73
|
+
* __@carladams1299-lab__ (__#10861__)
|
|
74
|
+
* __@LaplaceYoung__ (__#10812__)
|
|
75
|
+
* __@JamieMagee__ (__#10939__)
|
|
76
|
+
* __@RonGamzu__ (__#10905__)
|
|
77
|
+
* __@sapirbaruch__ (__#10891__)
|
|
78
|
+
* __@nezukoagent__ (__#10901__)
|
|
79
|
+
* __@devareddy05__ (__#10929__)
|
|
80
|
+
* __@Mohammad-Faiz-Cloud-Engineer__ (__#10922__)
|
|
81
|
+
* __@azandabot__ (__#10931__)
|
|
82
|
+
* __@niksy__ (__#10896__)
|
|
83
|
+
|
|
84
|
+
[Full Changelog](https://github.com/axios/axios/compare/v1.16.1...v1.17.0)
|
|
85
|
+
|
|
3
86
|
## v1.16.1 — May 13, 2026
|
|
4
87
|
|
|
5
88
|
This release ships a defence-in-depth fix for prototype pollution in `formDataToJSON`, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.
|
|
@@ -1432,7 +1515,7 @@ This functionality is considered as a fix.
|
|
|
1432
1515
|
|
|
1433
1516
|
- fix: improve AxiosHeaders class [#5224](https://github.com/axios/axios/pull/5224)
|
|
1434
1517
|
- fix: TypeScript type definitions for commonjs [#5196](https://github.com/axios/axios/pull/5196)
|
|
1435
|
-
- fix: type definition of use method on AxiosInterceptorManager to match the
|
|
1518
|
+
- fix: type definition of use method on AxiosInterceptorManager to match the README [#5071](https://github.com/axios/axios/pull/5071)
|
|
1436
1519
|
- fix: \_\_dirname is not defined in the sandbox [#5269](https://github.com/axios/axios/pull/5269)
|
|
1437
1520
|
- fix: AxiosError.toJSON method to avoid circular references [#5247](https://github.com/axios/axios/pull/5247)
|
|
1438
1521
|
- fix: Z_BUF_ERROR when content-encoding is set but the response body is empty [#5250](https://github.com/axios/axios/pull/5250)
|
package/README.md
CHANGED
|
@@ -298,7 +298,6 @@
|
|
|
298
298
|
</tr>
|
|
299
299
|
</table>
|
|
300
300
|
|
|
301
|
-
|
|
302
301
|
<!--<div>marker</div>-->
|
|
303
302
|
|
|
304
303
|
<br><br>
|
|
@@ -430,6 +429,12 @@ Using bun:
|
|
|
430
429
|
$ bun add axios
|
|
431
430
|
```
|
|
432
431
|
|
|
432
|
+
Using Deno:
|
|
433
|
+
|
|
434
|
+
```bash
|
|
435
|
+
$ deno add axios
|
|
436
|
+
```
|
|
437
|
+
|
|
433
438
|
Once the package is installed, import it with `import` or `require`:
|
|
434
439
|
|
|
435
440
|
```js
|
|
@@ -513,16 +518,16 @@ axios
|
|
|
513
518
|
// Want to use async/await? Add the `async` keyword to your outer function/method.
|
|
514
519
|
async function getUser() {
|
|
515
520
|
try {
|
|
516
|
-
// Example: GET request with query parameters
|
|
517
|
-
const response = await axios.get('/user', {
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
});
|
|
521
|
+
// Example: GET request with query parameters
|
|
522
|
+
const response = await axios.get('/user', {
|
|
523
|
+
params: {
|
|
524
|
+
ID: 12345,
|
|
525
|
+
},
|
|
526
|
+
});
|
|
522
527
|
|
|
523
|
-
// Using the `params` option improves readability and automatically formats query strings
|
|
528
|
+
// Using the `params` option improves readability and automatically formats query strings
|
|
524
529
|
|
|
525
|
-
console.log(response);
|
|
530
|
+
console.log(response);
|
|
526
531
|
} catch (error) {
|
|
527
532
|
console.error(error);
|
|
528
533
|
}
|
|
@@ -770,9 +775,12 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
770
775
|
|
|
771
776
|
// `data` is the data to be sent as the request body
|
|
772
777
|
// Only applicable for request methods 'PUT', 'POST', 'DELETE', and 'PATCH'
|
|
778
|
+
// `data` is request-specific: axios does not inherit or deep-merge it from defaults.
|
|
779
|
+
// To add shared body fields, use a request interceptor or transformRequest.
|
|
773
780
|
// When no `transformRequest` is set, it must be of one of the following types:
|
|
774
781
|
// - string, plain object, ArrayBuffer, ArrayBufferView, URLSearchParams
|
|
775
782
|
// - Browser only: FormData, File, Blob
|
|
783
|
+
// - React Native: FormData
|
|
776
784
|
// - Node only: Stream, Buffer, FormData (form-data package)
|
|
777
785
|
data: {
|
|
778
786
|
firstName: 'Fred'
|
|
@@ -877,10 +885,12 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
877
885
|
// Do whatever you want with the Axios progress event
|
|
878
886
|
},
|
|
879
887
|
|
|
880
|
-
// `maxContentLength` defines the max size of the
|
|
888
|
+
// `maxContentLength` defines the max size of the response content in bytes.
|
|
889
|
+
// It is enforced by the Node.js HTTP adapter and the fetch adapter.
|
|
881
890
|
maxContentLength: 2000,
|
|
882
891
|
|
|
883
|
-
// `maxBodyLength`
|
|
892
|
+
// `maxBodyLength` defines the max size of the request content in bytes.
|
|
893
|
+
// It is enforced by the Node.js HTTP adapter and the fetch adapter when the body length can be determined.
|
|
884
894
|
maxBodyLength: 2000,
|
|
885
895
|
|
|
886
896
|
// `redact` masks matching config keys when AxiosError#toJSON() is called.
|
|
@@ -888,8 +898,11 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
888
898
|
redact: ['authorization', 'password'],
|
|
889
899
|
|
|
890
900
|
// `validateStatus` defines whether to resolve or reject the promise for a given
|
|
891
|
-
// HTTP response status code. If `validateStatus` returns `true`
|
|
892
|
-
//
|
|
901
|
+
// HTTP response status code. If `validateStatus` returns `true` or is set to
|
|
902
|
+
// `null`, Axios resolves the promise; otherwise, Axios rejects it.
|
|
903
|
+
// Explicit `validateStatus: undefined` resolves every status by default for
|
|
904
|
+
// backward compatibility. Set `transitional.validateStatusUndefinedResolves`
|
|
905
|
+
// to `false` to make explicit `undefined` behave as if this option was omitted.
|
|
893
906
|
validateStatus: function (status) {
|
|
894
907
|
return status >= 200 && status < 300; // default
|
|
895
908
|
},
|
|
@@ -898,6 +911,12 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
898
911
|
// If set to 0, Axios follows no redirects.
|
|
899
912
|
maxRedirects: 21, // default
|
|
900
913
|
|
|
914
|
+
// `sensitiveHeaders` (Node only option) lists custom secret-bearing headers
|
|
915
|
+
// (such as `X-API-Key`) to remove from cross-origin redirects. Matching is
|
|
916
|
+
// case-insensitive. Same-origin redirects keep these headers. If
|
|
917
|
+
// `maxRedirects` is 0, this option is not used.
|
|
918
|
+
sensitiveHeaders: ['X-API-Key'],
|
|
919
|
+
|
|
901
920
|
// `beforeRedirect` defines a function that Axios calls before redirect.
|
|
902
921
|
// Use this to adjust the request options upon redirecting,
|
|
903
922
|
// to inspect the latest response headers,
|
|
@@ -957,6 +976,12 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
957
976
|
// for your proxy configuration, you can also define a `no_proxy` environment
|
|
958
977
|
// variable as a comma-separated list of domains that should not be proxied.
|
|
959
978
|
// Use `false` to disable proxies, ignoring environment variables.
|
|
979
|
+
// On Node.js versions with native environment proxy support, axios defers
|
|
980
|
+
// environment proxy handling to Node when the selected agent has `proxyEnv`
|
|
981
|
+
// enabled, including processes started with `NODE_USE_ENV_PROXY=1`,
|
|
982
|
+
// `--use-env-proxy`, or `NODE_OPTIONS=--use-env-proxy`. Custom agents without
|
|
983
|
+
// `proxyEnv` continue to use axios environment proxy resolution. Explicit
|
|
984
|
+
// `proxy` config is still handled by axios.
|
|
960
985
|
// `auth` indicates that HTTP Basic auth should be used to connect to the proxy, and
|
|
961
986
|
// supplies credentials.
|
|
962
987
|
// For `http://` targets, axios sends the request to the proxy in
|
|
@@ -1033,6 +1058,11 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
1033
1058
|
// throw ETIMEDOUT error instead of generic ECONNABORTED on request timeouts
|
|
1034
1059
|
clarifyTimeoutError: false,
|
|
1035
1060
|
|
|
1061
|
+
// keep explicit `validateStatus: undefined` resolving every response status
|
|
1062
|
+
// for backward compatibility. Set to false to make explicit undefined behave
|
|
1063
|
+
// as if validateStatus was omitted.
|
|
1064
|
+
validateStatusUndefinedResolves: true,
|
|
1065
|
+
|
|
1036
1066
|
// advertise `zstd` in the default Accept-Encoding header when the current
|
|
1037
1067
|
// Node.js runtime supports zstd decompression. Axios still decompresses
|
|
1038
1068
|
// zstd responses when support exists and `decompress` is true.
|
|
@@ -1063,6 +1093,15 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
1063
1093
|
}
|
|
1064
1094
|
```
|
|
1065
1095
|
|
|
1096
|
+
For custom secret-bearing headers in Node.js, list them in `sensitiveHeaders` so Axios removes them when following a redirect to another origin:
|
|
1097
|
+
|
|
1098
|
+
```js
|
|
1099
|
+
axios.get('https://api.example.com/users', {
|
|
1100
|
+
headers: { 'X-API-Key': 'secret' },
|
|
1101
|
+
sensitiveHeaders: ['X-API-Key'],
|
|
1102
|
+
});
|
|
1103
|
+
```
|
|
1104
|
+
|
|
1066
1105
|
### Strict RFC 3986 percent-encoding for query params
|
|
1067
1106
|
|
|
1068
1107
|
By default, axios decodes `%3A`, `%24`, `%2C` and `%20` back to `:`, `$`, `,` and `+` for readability (the `+` follows the `application/x-www-form-urlencoded` convention for spaces in query strings). These characters are valid in a query component under [RFC 3986](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4), so the default output is correct, but some backends require strict percent-encoding and reject the readable form.
|
|
@@ -1073,12 +1112,12 @@ Override the default encoder via `paramsSerializer.encode`:
|
|
|
1073
1112
|
// Per-request: emit strict RFC 3986 percent-encoding for query values
|
|
1074
1113
|
axios.get('/foo', {
|
|
1075
1114
|
params: { filter: JSON.stringify({ startedAt: '2026-01-23' }) },
|
|
1076
|
-
paramsSerializer: { encode: encodeURIComponent }
|
|
1115
|
+
paramsSerializer: { encode: encodeURIComponent },
|
|
1077
1116
|
});
|
|
1078
1117
|
|
|
1079
1118
|
// Or set it on the instance defaults
|
|
1080
1119
|
const client = axios.create({
|
|
1081
|
-
paramsSerializer: { encode: encodeURIComponent }
|
|
1120
|
+
paramsSerializer: { encode: encodeURIComponent },
|
|
1082
1121
|
});
|
|
1083
1122
|
```
|
|
1084
1123
|
|
|
@@ -1167,6 +1206,8 @@ instance.defaults.headers.common['Authorization'] = AUTH_TOKEN;
|
|
|
1167
1206
|
|
|
1168
1207
|
Axios merges config in this order: library defaults from [lib/defaults/index.js](https://github.com/axios/axios/blob/main/lib/defaults/index.js#L49), the instance `defaults` property, and the request `config` argument. Later values take precedence over earlier ones.
|
|
1169
1208
|
|
|
1209
|
+
Some options are request-specific and are only taken from the request `config`. `data` is one of those options: axios does not inherit or deep-merge request bodies from global or instance defaults. If every request needs shared body fields, add them with a request interceptor or `transformRequest`, and scope that logic carefully so sensitive values are not sent to the wrong endpoint.
|
|
1210
|
+
|
|
1170
1211
|
```js
|
|
1171
1212
|
// Create an instance using the config defaults provided by the library
|
|
1172
1213
|
// At this point the timeout config value is `0` as is the default for the library
|
|
@@ -1360,7 +1401,7 @@ These are the internal Axios error codes:
|
|
|
1360
1401
|
| ERR_INVALID_URL | Invalid URL provided for axios request. |
|
|
1361
1402
|
| ECONNABORTED | Typically indicates that the request has been timed out (unless `transitional.clarifyTimeoutError` is set) or aborted by the browser or its plugin. |
|
|
1362
1403
|
| ERR_CANCELED | The user explicitly canceled the request with an AbortSignal or CancelToken. |
|
|
1363
|
-
| ETIMEDOUT | Request timed out after exceeding the configured Axios timeout. Set `transitional.clarifyTimeoutError` to `true`; otherwise Axios throws a generic `ECONNABORTED` error.
|
|
1404
|
+
| ETIMEDOUT | Request timed out after exceeding the configured Axios timeout. Set `transitional.clarifyTimeoutError` to `true`; otherwise Axios throws a generic `ECONNABORTED` error. |
|
|
1364
1405
|
| ERR_NETWORK | Network-related issue. In the browser, this error can also be caused by a [CORS](https://developer.mozilla.org/ru/docs/Web/HTTP/Guides/CORS) or [Mixed Content](https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content) policy violation. The browser does not allow the JS code to clarify the real reason for the error caused by security issues, so please check the console. |
|
|
1365
1406
|
| ERR_FR_TOO_MANY_REDIRECTS | Request exceeded the configured maximum number of redirects. |
|
|
1366
1407
|
| ERR_BAD_RESPONSE | Response cannot be parsed properly or is in an unexpected format. Usually related to a response with `5xx` status code. |
|
|
@@ -1401,6 +1442,19 @@ axios.get('/user/12345', {
|
|
|
1401
1442
|
});
|
|
1402
1443
|
```
|
|
1403
1444
|
|
|
1445
|
+
By default, explicit `validateStatus: undefined` keeps legacy behavior and resolves every response status because `transitional.validateStatusUndefinedResolves` defaults to `true`. Set it to `false` to make explicit `validateStatus: undefined` behave like the option was omitted, so Axios uses the configured/default validator and rejects non-2xx responses by default.
|
|
1446
|
+
|
|
1447
|
+
`validateStatus: null` still accepts every response status. If you disable the transitional behavior and intentionally want all statuses to resolve, use `null` or `() => true`.
|
|
1448
|
+
|
|
1449
|
+
```js
|
|
1450
|
+
axios.get('/user/12345', {
|
|
1451
|
+
validateStatus: undefined,
|
|
1452
|
+
transitional: {
|
|
1453
|
+
validateStatusUndefinedResolves: false,
|
|
1454
|
+
},
|
|
1455
|
+
});
|
|
1456
|
+
```
|
|
1457
|
+
|
|
1404
1458
|
Use `toJSON` to get more information about the HTTP error.
|
|
1405
1459
|
|
|
1406
1460
|
```js
|
|
@@ -1412,12 +1466,14 @@ axios.get('/user/12345').catch(function (error) {
|
|
|
1412
1466
|
To avoid logging secrets from `error.config`, pass a `redact` array in the request config. Matching config keys are masked case-insensitively at any depth when `AxiosError#toJSON()` is called.
|
|
1413
1467
|
|
|
1414
1468
|
```js
|
|
1415
|
-
axios
|
|
1416
|
-
|
|
1417
|
-
|
|
1418
|
-
|
|
1419
|
-
|
|
1420
|
-
|
|
1469
|
+
axios
|
|
1470
|
+
.get('/user/12345', {
|
|
1471
|
+
headers: { Authorization: 'Bearer token' },
|
|
1472
|
+
redact: ['authorization'],
|
|
1473
|
+
})
|
|
1474
|
+
.catch(function (error) {
|
|
1475
|
+
console.log(error.toJSON().config.headers.Authorization); // [REDACTED ****]
|
|
1476
|
+
});
|
|
1421
1477
|
```
|
|
1422
1478
|
|
|
1423
1479
|
## Handling timeouts
|
|
@@ -1527,11 +1583,44 @@ axios.get('/user/12345', {
|
|
|
1527
1583
|
cancel();
|
|
1528
1584
|
```
|
|
1529
1585
|
|
|
1586
|
+
`CancelToken` also exposes low-level helpers for legacy integrations:
|
|
1587
|
+
|
|
1588
|
+
```js
|
|
1589
|
+
const source = axios.CancelToken.source();
|
|
1590
|
+
|
|
1591
|
+
const listener = (cancel) => {
|
|
1592
|
+
console.log(cancel.message);
|
|
1593
|
+
};
|
|
1594
|
+
|
|
1595
|
+
source.token.subscribe(listener);
|
|
1596
|
+
|
|
1597
|
+
const signal = source.token.toAbortSignal();
|
|
1598
|
+
// Pass `signal` to APIs that accept AbortSignal.
|
|
1599
|
+
|
|
1600
|
+
source.cancel('Operation canceled by the user.');
|
|
1601
|
+
source.token.unsubscribe(listener);
|
|
1602
|
+
```
|
|
1603
|
+
|
|
1604
|
+
Canceled requests reject with `axios.CanceledError`. The legacy `axios.Cancel` export is an alias of `axios.CanceledError`, and cancellation errors include `__CANCEL__` for `axios.isCancel` compatibility.
|
|
1605
|
+
|
|
1530
1606
|
> Note: You can cancel several requests with the same cancel token or abort controller.
|
|
1531
1607
|
> If a cancellation token is already cancelled when an Axios request starts, Axios cancels the request immediately without making a real request.
|
|
1532
1608
|
|
|
1533
1609
|
> During the transition period, you can use both cancellation APIs, even for the same request:
|
|
1534
1610
|
|
|
1611
|
+
```js
|
|
1612
|
+
const controller = new AbortController();
|
|
1613
|
+
const source = axios.CancelToken.source();
|
|
1614
|
+
|
|
1615
|
+
axios.get('/user/12345', {
|
|
1616
|
+
cancelToken: source.token,
|
|
1617
|
+
signal: controller.signal,
|
|
1618
|
+
});
|
|
1619
|
+
|
|
1620
|
+
controller.abort();
|
|
1621
|
+
source.cancel('Operation canceled by the user.');
|
|
1622
|
+
```
|
|
1623
|
+
|
|
1535
1624
|
## Using `application/x-www-form-urlencoded` format
|
|
1536
1625
|
|
|
1537
1626
|
### URLSearchParams
|
|
@@ -1640,6 +1729,7 @@ server = app.listen(3000);
|
|
|
1640
1729
|
|
|
1641
1730
|
To send data as `multipart/form-data`, pass a FormData instance as the payload.
|
|
1642
1731
|
You do not need to set the `Content-Type` header. Axios detects it from the payload type.
|
|
1732
|
+
For browser, web worker, and React Native `FormData`, leave `Content-Type` unset so the runtime can add the multipart boundary.
|
|
1643
1733
|
|
|
1644
1734
|
```js
|
|
1645
1735
|
const formData = new FormData();
|
|
@@ -1732,6 +1822,9 @@ FormData serializer supports additional options via `config.formSerializer: obje
|
|
|
1732
1822
|
input object exceeds this depth, an `AxiosError` with `code: 'ERR_FORM_DATA_DEPTH_EXCEEDED'` is
|
|
1733
1823
|
thrown instead of overflowing the call stack. This protects server applications from DoS
|
|
1734
1824
|
attacks via deeply nested payloads. Set to `Infinity` to disable the limit and restore pre-fix behaviour.
|
|
1825
|
+
- `Blob: typeof Blob` - Blob constructor used when converting ArrayBuffer-like values for spec-compliant
|
|
1826
|
+
`FormData`. Override it only for runtimes that provide a compatible `Blob` constructor under a
|
|
1827
|
+
different binding.
|
|
1735
1828
|
|
|
1736
1829
|
```js
|
|
1737
1830
|
// Raise the limit for a schema that genuinely nests deeper than 100 levels:
|
|
@@ -2058,6 +2151,7 @@ console.log(headers);
|
|
|
2058
2151
|
set(headerName, value: Axios, rewrite?: boolean);
|
|
2059
2152
|
set(headerName, value, rewrite?: (this: AxiosHeaders, value: string, name: string, headers: RawAxiosHeaders) => boolean);
|
|
2060
2153
|
set(headers?: RawAxiosHeaders | AxiosHeaders | string, rewrite?: boolean);
|
|
2154
|
+
set(headers?: Iterable<[string, AxiosHeaderValue]>, rewrite?: boolean);
|
|
2061
2155
|
```
|
|
2062
2156
|
|
|
2063
2157
|
The `rewrite` argument controls the overwriting behavior:
|
|
@@ -2068,6 +2162,21 @@ The `rewrite` argument controls the overwriting behavior:
|
|
|
2068
2162
|
|
|
2069
2163
|
The option can also accept a user-defined function that determines whether to overwrite the value.
|
|
2070
2164
|
|
|
2165
|
+
Empty or whitespace-only header names are ignored.
|
|
2166
|
+
|
|
2167
|
+
Iterable key/value pairs, such as a `Map`, are accepted:
|
|
2168
|
+
|
|
2169
|
+
```js
|
|
2170
|
+
const headers = new AxiosHeaders();
|
|
2171
|
+
|
|
2172
|
+
headers.set(
|
|
2173
|
+
new Map([
|
|
2174
|
+
['X-Trace-Id', 'abc123'],
|
|
2175
|
+
['Accept', 'application/json'],
|
|
2176
|
+
])
|
|
2177
|
+
);
|
|
2178
|
+
```
|
|
2179
|
+
|
|
2071
2180
|
Returns `this`.
|
|
2072
2181
|
|
|
2073
2182
|
### AxiosHeaders#get(header)
|
|
@@ -2188,6 +2297,14 @@ toJSON(asStrings?: false): Record<string, string | string[]>;
|
|
|
2188
2297
|
Resolves all internal header values into a new null prototype object.
|
|
2189
2298
|
Set `asStrings` to true to resolve arrays as a string containing all elements, separated by commas.
|
|
2190
2299
|
|
|
2300
|
+
### AxiosHeaders#toString()
|
|
2301
|
+
|
|
2302
|
+
```
|
|
2303
|
+
toString(): string;
|
|
2304
|
+
```
|
|
2305
|
+
|
|
2306
|
+
Returns the headers as a CRLF-free HTTP header block, one `name: value` pair per line.
|
|
2307
|
+
|
|
2191
2308
|
### AxiosHeaders.from(thing?)
|
|
2192
2309
|
|
|
2193
2310
|
```
|
|
@@ -2243,6 +2360,8 @@ const { data } = fetchAxios.get(url);
|
|
|
2243
2360
|
The adapter supports the same features as the `xhr` adapter, including upload and download progress capturing.
|
|
2244
2361
|
It also supports response types such as `stream` and `formdata` when the environment supports them.
|
|
2245
2362
|
|
|
2363
|
+
When `auth` is omitted, the fetch adapter can read HTTP Basic auth credentials from the request URL, for example `https://user:pass@example.com`. Percent-encoded URL credentials are decoded before the `Authorization` header is generated, and `auth` takes precedence over URL-embedded credentials.
|
|
2364
|
+
|
|
2246
2365
|
### Custom fetch
|
|
2247
2366
|
|
|
2248
2367
|
Since `v1.12.0`, you can configure the fetch adapter to use a custom fetch API instead of environment globals.
|
|
@@ -2365,6 +2484,20 @@ try {
|
|
|
2365
2484
|
}
|
|
2366
2485
|
```
|
|
2367
2486
|
|
|
2487
|
+
Use `axios.isCancel<T>()` to narrow cancellation errors to `CanceledError<T>`:
|
|
2488
|
+
|
|
2489
|
+
```typescript
|
|
2490
|
+
const controller = new AbortController();
|
|
2491
|
+
|
|
2492
|
+
try {
|
|
2493
|
+
await axios.get<User>('/user?ID=12345', { signal: controller.signal });
|
|
2494
|
+
} catch (error) {
|
|
2495
|
+
if (axios.isCancel<User>(error)) {
|
|
2496
|
+
handleCancellation(error);
|
|
2497
|
+
}
|
|
2498
|
+
}
|
|
2499
|
+
```
|
|
2500
|
+
|
|
2368
2501
|
Because axios publishes an ESM default export and a CJS `module.exports`, TypeScript has a few caveats.
|
|
2369
2502
|
The recommended setting is `"moduleResolution": "node16"`, which is implied by `"module": "node16"`. This requires TypeScript 4.7 or greater.
|
|
2370
2503
|
If you use ESM, your settings should be fine.
|