axios 1.18.0 → 1.18.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +32 -0
- package/README.md +128 -23
- package/dist/axios.js +64 -15
- package/dist/axios.min.js +2 -2
- package/dist/axios.min.js.map +1 -1
- package/dist/browser/axios.cjs +70 -28
- package/dist/esm/axios.js +70 -28
- package/dist/esm/axios.min.js +2 -2
- package/dist/esm/axios.min.js.map +1 -1
- package/dist/node/axios.cjs +123 -33
- package/index.d.cts +17 -1
- package/index.d.ts +17 -1
- package/lib/adapters/adapters.js +1 -1
- package/lib/adapters/fetch.js +27 -12
- package/lib/adapters/http.js +88 -16
- package/lib/adapters/xhr.js +1 -0
- package/lib/core/AxiosError.js +13 -1
- package/lib/core/mergeConfig.js +1 -0
- package/lib/env/data.js +1 -1
- package/lib/helpers/AxiosURLSearchParams.js +1 -3
- package/lib/helpers/buildURL.js +1 -0
- package/lib/helpers/composeSignals.js +1 -1
- package/lib/helpers/cookies.js +5 -1
- package/lib/helpers/fromDataURI.js +4 -2
- package/lib/helpers/resolveConfig.js +10 -5
- package/lib/helpers/toFormData.js +7 -1
- package/lib/helpers/validator.js +1 -1
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,37 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## v1.18.0 — June 13, 2026
|
|
4
|
+
|
|
5
|
+
This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.
|
|
6
|
+
|
|
7
|
+
## 🔒 Security Fixes
|
|
8
|
+
|
|
9
|
+
* **Redirect Header Safety:** Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (__#10892__)
|
|
10
|
+
|
|
11
|
+
* **URL And Request Hardening:** Rejects malformed `http:` and `https:` URLs that omit `//` with `ERR_INVALID_URL`, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local `NO_PROXY` matching. (__#11000__)
|
|
12
|
+
|
|
13
|
+
## 🐛 Bug Fixes
|
|
14
|
+
|
|
15
|
+
* **Status Validation:** Added `transitional.validateStatusUndefinedResolves` so applications can opt in to treating `validateStatus: undefined` like the option was omitted, while `validateStatus: null` remains the explicit way to accept every status. (__#10899__)
|
|
16
|
+
|
|
17
|
+
## 🔧 Maintenance & Chores
|
|
18
|
+
|
|
19
|
+
* **Documentation:** Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the `proxy` request config as Node.js-only in the advanced docs. (__#10984__, __#10988__, __#10992__, __#10995__)
|
|
20
|
+
|
|
21
|
+
* **Dependencies:** Bumped `@babel/core`, `@babel/preset-env`, `@commitlint/cli`, `@commitlint/config-conventional`, `@rollup/plugin-babel`, `@rollup/plugin-commonjs`, `@vitest/browser`, `@vitest/browser-playwright`, `eslint`, `lint-staged`, `rollup`, `vitest`, and `actions/checkout`. (__#10989__, __#10996__, __#10997__)
|
|
22
|
+
|
|
23
|
+
* **Release Metadata:** Prepared the 1.18.0 release by updating package metadata and the runtime `VERSION` value. (__#11003__)
|
|
24
|
+
|
|
25
|
+
## 🌟 New Contributors
|
|
26
|
+
|
|
27
|
+
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
|
|
28
|
+
|
|
29
|
+
* __@drori12__ (__#10984__)
|
|
30
|
+
* __@eyupcanakman__ (__#10899__)
|
|
31
|
+
* __@Adi-Beker__ (__#10995__)
|
|
32
|
+
|
|
33
|
+
[Full Changelog](https://github.com/axios/axios/compare/v1.17.0...v1.18.0)
|
|
34
|
+
|
|
3
35
|
## v1.17.0 — June 1, 2026
|
|
4
36
|
|
|
5
37
|
This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.
|
package/README.md
CHANGED
|
@@ -298,7 +298,6 @@
|
|
|
298
298
|
</tr>
|
|
299
299
|
</table>
|
|
300
300
|
|
|
301
|
-
|
|
302
301
|
<!--<div>marker</div>-->
|
|
303
302
|
|
|
304
303
|
<br><br>
|
|
@@ -430,6 +429,12 @@ Using bun:
|
|
|
430
429
|
$ bun add axios
|
|
431
430
|
```
|
|
432
431
|
|
|
432
|
+
Using Deno:
|
|
433
|
+
|
|
434
|
+
```bash
|
|
435
|
+
$ deno add axios
|
|
436
|
+
```
|
|
437
|
+
|
|
433
438
|
Once the package is installed, import it with `import` or `require`:
|
|
434
439
|
|
|
435
440
|
```js
|
|
@@ -513,16 +518,16 @@ axios
|
|
|
513
518
|
// Want to use async/await? Add the `async` keyword to your outer function/method.
|
|
514
519
|
async function getUser() {
|
|
515
520
|
try {
|
|
516
|
-
// Example: GET request with query parameters
|
|
517
|
-
const response = await axios.get('/user', {
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
});
|
|
521
|
+
// Example: GET request with query parameters
|
|
522
|
+
const response = await axios.get('/user', {
|
|
523
|
+
params: {
|
|
524
|
+
ID: 12345,
|
|
525
|
+
},
|
|
526
|
+
});
|
|
522
527
|
|
|
523
|
-
// Using the `params` option improves readability and automatically formats query strings
|
|
528
|
+
// Using the `params` option improves readability and automatically formats query strings
|
|
524
529
|
|
|
525
|
-
console.log(response);
|
|
530
|
+
console.log(response);
|
|
526
531
|
} catch (error) {
|
|
527
532
|
console.error(error);
|
|
528
533
|
}
|
|
@@ -770,6 +775,8 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
770
775
|
|
|
771
776
|
// `data` is the data to be sent as the request body
|
|
772
777
|
// Only applicable for request methods 'PUT', 'POST', 'DELETE', and 'PATCH'
|
|
778
|
+
// `data` is request-specific: axios does not inherit or deep-merge it from defaults.
|
|
779
|
+
// To add shared body fields, use a request interceptor or transformRequest.
|
|
773
780
|
// When no `transformRequest` is set, it must be of one of the following types:
|
|
774
781
|
// - string, plain object, ArrayBuffer, ArrayBufferView, URLSearchParams
|
|
775
782
|
// - Browser only: FormData, File, Blob
|
|
@@ -891,8 +898,11 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
891
898
|
redact: ['authorization', 'password'],
|
|
892
899
|
|
|
893
900
|
// `validateStatus` defines whether to resolve or reject the promise for a given
|
|
894
|
-
// HTTP response status code. If `validateStatus` returns `true`
|
|
895
|
-
//
|
|
901
|
+
// HTTP response status code. If `validateStatus` returns `true` or is set to
|
|
902
|
+
// `null`, Axios resolves the promise; otherwise, Axios rejects it.
|
|
903
|
+
// Explicit `validateStatus: undefined` resolves every status by default for
|
|
904
|
+
// backward compatibility. Set `transitional.validateStatusUndefinedResolves`
|
|
905
|
+
// to `false` to make explicit `undefined` behave as if this option was omitted.
|
|
896
906
|
validateStatus: function (status) {
|
|
897
907
|
return status >= 200 && status < 300; // default
|
|
898
908
|
},
|
|
@@ -902,9 +912,9 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
902
912
|
maxRedirects: 21, // default
|
|
903
913
|
|
|
904
914
|
// `sensitiveHeaders` (Node only option) lists custom secret-bearing headers
|
|
905
|
-
// to remove from cross-origin redirects. Matching is
|
|
906
|
-
// Same-origin redirects keep these headers. If
|
|
907
|
-
// option is not used.
|
|
915
|
+
// (such as `X-API-Key`) to remove from cross-origin redirects. Matching is
|
|
916
|
+
// case-insensitive. Same-origin redirects keep these headers. If
|
|
917
|
+
// `maxRedirects` is 0, this option is not used.
|
|
908
918
|
sensitiveHeaders: ['X-API-Key'],
|
|
909
919
|
|
|
910
920
|
// `beforeRedirect` defines a function that Axios calls before redirect.
|
|
@@ -966,6 +976,12 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
966
976
|
// for your proxy configuration, you can also define a `no_proxy` environment
|
|
967
977
|
// variable as a comma-separated list of domains that should not be proxied.
|
|
968
978
|
// Use `false` to disable proxies, ignoring environment variables.
|
|
979
|
+
// On Node.js versions with native environment proxy support, axios defers
|
|
980
|
+
// environment proxy handling to Node when the selected agent has `proxyEnv`
|
|
981
|
+
// enabled, including processes started with `NODE_USE_ENV_PROXY=1`,
|
|
982
|
+
// `--use-env-proxy`, or `NODE_OPTIONS=--use-env-proxy`. Custom agents without
|
|
983
|
+
// `proxyEnv` continue to use axios environment proxy resolution. Explicit
|
|
984
|
+
// `proxy` config is still handled by axios.
|
|
969
985
|
// `auth` indicates that HTTP Basic auth should be used to connect to the proxy, and
|
|
970
986
|
// supplies credentials.
|
|
971
987
|
// For `http://` targets, axios sends the request to the proxy in
|
|
@@ -1042,6 +1058,11 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
1042
1058
|
// throw ETIMEDOUT error instead of generic ECONNABORTED on request timeouts
|
|
1043
1059
|
clarifyTimeoutError: false,
|
|
1044
1060
|
|
|
1061
|
+
// keep explicit `validateStatus: undefined` resolving every response status
|
|
1062
|
+
// for backward compatibility. Set to false to make explicit undefined behave
|
|
1063
|
+
// as if validateStatus was omitted.
|
|
1064
|
+
validateStatusUndefinedResolves: true,
|
|
1065
|
+
|
|
1045
1066
|
// advertise `zstd` in the default Accept-Encoding header when the current
|
|
1046
1067
|
// Node.js runtime supports zstd decompression. Axios still decompresses
|
|
1047
1068
|
// zstd responses when support exists and `decompress` is true.
|
|
@@ -1072,6 +1093,15 @@ These config options are available for requests. Only `url` is required. Request
|
|
|
1072
1093
|
}
|
|
1073
1094
|
```
|
|
1074
1095
|
|
|
1096
|
+
For custom secret-bearing headers in Node.js, list them in `sensitiveHeaders` so Axios removes them when following a redirect to another origin:
|
|
1097
|
+
|
|
1098
|
+
```js
|
|
1099
|
+
axios.get('https://api.example.com/users', {
|
|
1100
|
+
headers: { 'X-API-Key': 'secret' },
|
|
1101
|
+
sensitiveHeaders: ['X-API-Key'],
|
|
1102
|
+
});
|
|
1103
|
+
```
|
|
1104
|
+
|
|
1075
1105
|
### Strict RFC 3986 percent-encoding for query params
|
|
1076
1106
|
|
|
1077
1107
|
By default, axios decodes `%3A`, `%24`, `%2C` and `%20` back to `:`, `$`, `,` and `+` for readability (the `+` follows the `application/x-www-form-urlencoded` convention for spaces in query strings). These characters are valid in a query component under [RFC 3986](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4), so the default output is correct, but some backends require strict percent-encoding and reject the readable form.
|
|
@@ -1082,12 +1112,12 @@ Override the default encoder via `paramsSerializer.encode`:
|
|
|
1082
1112
|
// Per-request: emit strict RFC 3986 percent-encoding for query values
|
|
1083
1113
|
axios.get('/foo', {
|
|
1084
1114
|
params: { filter: JSON.stringify({ startedAt: '2026-01-23' }) },
|
|
1085
|
-
paramsSerializer: { encode: encodeURIComponent }
|
|
1115
|
+
paramsSerializer: { encode: encodeURIComponent },
|
|
1086
1116
|
});
|
|
1087
1117
|
|
|
1088
1118
|
// Or set it on the instance defaults
|
|
1089
1119
|
const client = axios.create({
|
|
1090
|
-
paramsSerializer: { encode: encodeURIComponent }
|
|
1120
|
+
paramsSerializer: { encode: encodeURIComponent },
|
|
1091
1121
|
});
|
|
1092
1122
|
```
|
|
1093
1123
|
|
|
@@ -1176,6 +1206,8 @@ instance.defaults.headers.common['Authorization'] = AUTH_TOKEN;
|
|
|
1176
1206
|
|
|
1177
1207
|
Axios merges config in this order: library defaults from [lib/defaults/index.js](https://github.com/axios/axios/blob/main/lib/defaults/index.js#L49), the instance `defaults` property, and the request `config` argument. Later values take precedence over earlier ones.
|
|
1178
1208
|
|
|
1209
|
+
Some options are request-specific and are only taken from the request `config`. `data` is one of those options: axios does not inherit or deep-merge request bodies from global or instance defaults. If every request needs shared body fields, add them with a request interceptor or `transformRequest`, and scope that logic carefully so sensitive values are not sent to the wrong endpoint.
|
|
1210
|
+
|
|
1179
1211
|
```js
|
|
1180
1212
|
// Create an instance using the config defaults provided by the library
|
|
1181
1213
|
// At this point the timeout config value is `0` as is the default for the library
|
|
@@ -1369,7 +1401,7 @@ These are the internal Axios error codes:
|
|
|
1369
1401
|
| ERR_INVALID_URL | Invalid URL provided for axios request. |
|
|
1370
1402
|
| ECONNABORTED | Typically indicates that the request has been timed out (unless `transitional.clarifyTimeoutError` is set) or aborted by the browser or its plugin. |
|
|
1371
1403
|
| ERR_CANCELED | The user explicitly canceled the request with an AbortSignal or CancelToken. |
|
|
1372
|
-
| ETIMEDOUT | Request timed out after exceeding the configured Axios timeout. Set `transitional.clarifyTimeoutError` to `true`; otherwise Axios throws a generic `ECONNABORTED` error.
|
|
1404
|
+
| ETIMEDOUT | Request timed out after exceeding the configured Axios timeout. Set `transitional.clarifyTimeoutError` to `true`; otherwise Axios throws a generic `ECONNABORTED` error. |
|
|
1373
1405
|
| ERR_NETWORK | Network-related issue. In the browser, this error can also be caused by a [CORS](https://developer.mozilla.org/ru/docs/Web/HTTP/Guides/CORS) or [Mixed Content](https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content) policy violation. The browser does not allow the JS code to clarify the real reason for the error caused by security issues, so please check the console. |
|
|
1374
1406
|
| ERR_FR_TOO_MANY_REDIRECTS | Request exceeded the configured maximum number of redirects. |
|
|
1375
1407
|
| ERR_BAD_RESPONSE | Response cannot be parsed properly or is in an unexpected format. Usually related to a response with `5xx` status code. |
|
|
@@ -1410,6 +1442,19 @@ axios.get('/user/12345', {
|
|
|
1410
1442
|
});
|
|
1411
1443
|
```
|
|
1412
1444
|
|
|
1445
|
+
By default, explicit `validateStatus: undefined` keeps legacy behavior and resolves every response status because `transitional.validateStatusUndefinedResolves` defaults to `true`. Set it to `false` to make explicit `validateStatus: undefined` behave like the option was omitted, so Axios uses the configured/default validator and rejects non-2xx responses by default.
|
|
1446
|
+
|
|
1447
|
+
`validateStatus: null` still accepts every response status. If you disable the transitional behavior and intentionally want all statuses to resolve, use `null` or `() => true`.
|
|
1448
|
+
|
|
1449
|
+
```js
|
|
1450
|
+
axios.get('/user/12345', {
|
|
1451
|
+
validateStatus: undefined,
|
|
1452
|
+
transitional: {
|
|
1453
|
+
validateStatusUndefinedResolves: false,
|
|
1454
|
+
},
|
|
1455
|
+
});
|
|
1456
|
+
```
|
|
1457
|
+
|
|
1413
1458
|
Use `toJSON` to get more information about the HTTP error.
|
|
1414
1459
|
|
|
1415
1460
|
```js
|
|
@@ -1421,12 +1466,14 @@ axios.get('/user/12345').catch(function (error) {
|
|
|
1421
1466
|
To avoid logging secrets from `error.config`, pass a `redact` array in the request config. Matching config keys are masked case-insensitively at any depth when `AxiosError#toJSON()` is called.
|
|
1422
1467
|
|
|
1423
1468
|
```js
|
|
1424
|
-
axios
|
|
1425
|
-
|
|
1426
|
-
|
|
1427
|
-
|
|
1428
|
-
|
|
1429
|
-
|
|
1469
|
+
axios
|
|
1470
|
+
.get('/user/12345', {
|
|
1471
|
+
headers: { Authorization: 'Bearer token' },
|
|
1472
|
+
redact: ['authorization'],
|
|
1473
|
+
})
|
|
1474
|
+
.catch(function (error) {
|
|
1475
|
+
console.log(error.toJSON().config.headers.Authorization); // [REDACTED ****]
|
|
1476
|
+
});
|
|
1430
1477
|
```
|
|
1431
1478
|
|
|
1432
1479
|
## Handling timeouts
|
|
@@ -1536,11 +1583,44 @@ axios.get('/user/12345', {
|
|
|
1536
1583
|
cancel();
|
|
1537
1584
|
```
|
|
1538
1585
|
|
|
1586
|
+
`CancelToken` also exposes low-level helpers for legacy integrations:
|
|
1587
|
+
|
|
1588
|
+
```js
|
|
1589
|
+
const source = axios.CancelToken.source();
|
|
1590
|
+
|
|
1591
|
+
const listener = (cancel) => {
|
|
1592
|
+
console.log(cancel.message);
|
|
1593
|
+
};
|
|
1594
|
+
|
|
1595
|
+
source.token.subscribe(listener);
|
|
1596
|
+
|
|
1597
|
+
const signal = source.token.toAbortSignal();
|
|
1598
|
+
// Pass `signal` to APIs that accept AbortSignal.
|
|
1599
|
+
|
|
1600
|
+
source.cancel('Operation canceled by the user.');
|
|
1601
|
+
source.token.unsubscribe(listener);
|
|
1602
|
+
```
|
|
1603
|
+
|
|
1604
|
+
Canceled requests reject with `axios.CanceledError`. The legacy `axios.Cancel` export is an alias of `axios.CanceledError`, and cancellation errors include `__CANCEL__` for `axios.isCancel` compatibility.
|
|
1605
|
+
|
|
1539
1606
|
> Note: You can cancel several requests with the same cancel token or abort controller.
|
|
1540
1607
|
> If a cancellation token is already cancelled when an Axios request starts, Axios cancels the request immediately without making a real request.
|
|
1541
1608
|
|
|
1542
1609
|
> During the transition period, you can use both cancellation APIs, even for the same request:
|
|
1543
1610
|
|
|
1611
|
+
```js
|
|
1612
|
+
const controller = new AbortController();
|
|
1613
|
+
const source = axios.CancelToken.source();
|
|
1614
|
+
|
|
1615
|
+
axios.get('/user/12345', {
|
|
1616
|
+
cancelToken: source.token,
|
|
1617
|
+
signal: controller.signal,
|
|
1618
|
+
});
|
|
1619
|
+
|
|
1620
|
+
controller.abort();
|
|
1621
|
+
source.cancel('Operation canceled by the user.');
|
|
1622
|
+
```
|
|
1623
|
+
|
|
1544
1624
|
## Using `application/x-www-form-urlencoded` format
|
|
1545
1625
|
|
|
1546
1626
|
### URLSearchParams
|
|
@@ -1742,6 +1822,9 @@ FormData serializer supports additional options via `config.formSerializer: obje
|
|
|
1742
1822
|
input object exceeds this depth, an `AxiosError` with `code: 'ERR_FORM_DATA_DEPTH_EXCEEDED'` is
|
|
1743
1823
|
thrown instead of overflowing the call stack. This protects server applications from DoS
|
|
1744
1824
|
attacks via deeply nested payloads. Set to `Infinity` to disable the limit and restore pre-fix behaviour.
|
|
1825
|
+
- `Blob: typeof Blob` - Blob constructor used when converting ArrayBuffer-like values for spec-compliant
|
|
1826
|
+
`FormData`. Override it only for runtimes that provide a compatible `Blob` constructor under a
|
|
1827
|
+
different binding.
|
|
1745
1828
|
|
|
1746
1829
|
```js
|
|
1747
1830
|
// Raise the limit for a schema that genuinely nests deeper than 100 levels:
|
|
@@ -2068,6 +2151,7 @@ console.log(headers);
|
|
|
2068
2151
|
set(headerName, value: Axios, rewrite?: boolean);
|
|
2069
2152
|
set(headerName, value, rewrite?: (this: AxiosHeaders, value: string, name: string, headers: RawAxiosHeaders) => boolean);
|
|
2070
2153
|
set(headers?: RawAxiosHeaders | AxiosHeaders | string, rewrite?: boolean);
|
|
2154
|
+
set(headers?: Iterable<[string, AxiosHeaderValue]>, rewrite?: boolean);
|
|
2071
2155
|
```
|
|
2072
2156
|
|
|
2073
2157
|
The `rewrite` argument controls the overwriting behavior:
|
|
@@ -2080,6 +2164,19 @@ The option can also accept a user-defined function that determines whether to ov
|
|
|
2080
2164
|
|
|
2081
2165
|
Empty or whitespace-only header names are ignored.
|
|
2082
2166
|
|
|
2167
|
+
Iterable key/value pairs, such as a `Map`, are accepted:
|
|
2168
|
+
|
|
2169
|
+
```js
|
|
2170
|
+
const headers = new AxiosHeaders();
|
|
2171
|
+
|
|
2172
|
+
headers.set(
|
|
2173
|
+
new Map([
|
|
2174
|
+
['X-Trace-Id', 'abc123'],
|
|
2175
|
+
['Accept', 'application/json'],
|
|
2176
|
+
])
|
|
2177
|
+
);
|
|
2178
|
+
```
|
|
2179
|
+
|
|
2083
2180
|
Returns `this`.
|
|
2084
2181
|
|
|
2085
2182
|
### AxiosHeaders#get(header)
|
|
@@ -2200,6 +2297,14 @@ toJSON(asStrings?: false): Record<string, string | string[]>;
|
|
|
2200
2297
|
Resolves all internal header values into a new null prototype object.
|
|
2201
2298
|
Set `asStrings` to true to resolve arrays as a string containing all elements, separated by commas.
|
|
2202
2299
|
|
|
2300
|
+
### AxiosHeaders#toString()
|
|
2301
|
+
|
|
2302
|
+
```
|
|
2303
|
+
toString(): string;
|
|
2304
|
+
```
|
|
2305
|
+
|
|
2306
|
+
Returns the headers as a CRLF-free HTTP header block, one `name: value` pair per line.
|
|
2307
|
+
|
|
2203
2308
|
### AxiosHeaders.from(thing?)
|
|
2204
2309
|
|
|
2205
2310
|
```
|
package/dist/axios.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! Axios v1.18.
|
|
1
|
+
/*! Axios v1.18.1 Copyright (c) 2026 Matt Zabriskie and contributors */
|
|
2
2
|
(function (global, factory) {
|
|
3
3
|
typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
|
|
4
4
|
typeof define === 'function' && define.amd ? define(factory) :
|
|
@@ -2040,7 +2040,19 @@
|
|
|
2040
2040
|
key: "from",
|
|
2041
2041
|
value: function from(error, code, config, request, response, customProps) {
|
|
2042
2042
|
var axiosError = new AxiosError(error.message, code || error.code, config, request, response);
|
|
2043
|
-
|
|
2043
|
+
// Match native `Error` `cause` semantics: non-enumerable. The wrapped
|
|
2044
|
+
// error often carries circular internals (sockets, requests, agents), so
|
|
2045
|
+
// an enumerable `cause` makes structured loggers (pino/winston) and any
|
|
2046
|
+
// own-property walk throw "Converting circular structure to JSON".
|
|
2047
|
+
// Regression from #6982; see #7205. `__proto__: null` mirrors the
|
|
2048
|
+
// `message` descriptor below (prototype-pollution-safe descriptor).
|
|
2049
|
+
Object.defineProperty(axiosError, 'cause', {
|
|
2050
|
+
__proto__: null,
|
|
2051
|
+
value: error,
|
|
2052
|
+
writable: true,
|
|
2053
|
+
enumerable: false,
|
|
2054
|
+
configurable: true
|
|
2055
|
+
});
|
|
2044
2056
|
axiosError.name = error.name;
|
|
2045
2057
|
|
|
2046
2058
|
// Preserve status from the original error if not already set from response
|
|
@@ -2192,7 +2204,13 @@
|
|
|
2192
2204
|
throw new AxiosError('Blob is not supported. Use a Buffer instead.');
|
|
2193
2205
|
}
|
|
2194
2206
|
if (utils$1.isArrayBuffer(value) || utils$1.isTypedArray(value)) {
|
|
2195
|
-
|
|
2207
|
+
if (useBlob && typeof _Blob === 'function') {
|
|
2208
|
+
return new _Blob([value]);
|
|
2209
|
+
}
|
|
2210
|
+
if (typeof Buffer !== 'undefined') {
|
|
2211
|
+
return Buffer.from(value);
|
|
2212
|
+
}
|
|
2213
|
+
throw new AxiosError('Blob is not supported. Use a Buffer instead.', AxiosError.ERR_NOT_SUPPORT);
|
|
2196
2214
|
}
|
|
2197
2215
|
return value;
|
|
2198
2216
|
}
|
|
@@ -2325,8 +2343,9 @@
|
|
|
2325
2343
|
this._pairs.push([name, value]);
|
|
2326
2344
|
};
|
|
2327
2345
|
prototype.toString = function toString(encoder) {
|
|
2346
|
+
var _this = this;
|
|
2328
2347
|
var _encode = encoder ? function (value) {
|
|
2329
|
-
return encoder.call(
|
|
2348
|
+
return encoder.call(_this, value, encode$1);
|
|
2330
2349
|
} : encode$1;
|
|
2331
2350
|
return this._pairs.map(function each(pair) {
|
|
2332
2351
|
return _encode(pair[0]) + '=' + _encode(pair[1]);
|
|
@@ -2358,6 +2377,7 @@
|
|
|
2358
2377
|
if (!params) {
|
|
2359
2378
|
return url;
|
|
2360
2379
|
}
|
|
2380
|
+
url = url || '';
|
|
2361
2381
|
var _options = utils$1.isFunction(options) ? {
|
|
2362
2382
|
serialize: options
|
|
2363
2383
|
} : options;
|
|
@@ -3005,7 +3025,11 @@
|
|
|
3005
3025
|
var cookie = cookies[i].replace(/^\s+/, '');
|
|
3006
3026
|
var eq = cookie.indexOf('=');
|
|
3007
3027
|
if (eq !== -1 && cookie.slice(0, eq) === name) {
|
|
3008
|
-
|
|
3028
|
+
try {
|
|
3029
|
+
return decodeURIComponent(cookie.slice(eq + 1));
|
|
3030
|
+
} catch (e) {
|
|
3031
|
+
return cookie.slice(eq + 1);
|
|
3032
|
+
}
|
|
3009
3033
|
}
|
|
3010
3034
|
}
|
|
3011
3035
|
return null;
|
|
@@ -3105,6 +3129,7 @@
|
|
|
3105
3129
|
*/
|
|
3106
3130
|
function mergeConfig(config1, config2) {
|
|
3107
3131
|
// eslint-disable-next-line no-param-reassign
|
|
3132
|
+
config1 = config1 || {};
|
|
3108
3133
|
config2 = config2 || {};
|
|
3109
3134
|
|
|
3110
3135
|
// Use a null-prototype object so that downstream reads such as `config.auth`
|
|
@@ -3240,7 +3265,7 @@
|
|
|
3240
3265
|
headers.set(formHeaders);
|
|
3241
3266
|
return;
|
|
3242
3267
|
}
|
|
3243
|
-
Object.entries(formHeaders).forEach(function (_ref) {
|
|
3268
|
+
Object.entries(formHeaders || {}).forEach(function (_ref) {
|
|
3244
3269
|
var _ref2 = _slicedToArray(_ref, 2),
|
|
3245
3270
|
key = _ref2[0],
|
|
3246
3271
|
val = _ref2[1];
|
|
@@ -3287,7 +3312,11 @@
|
|
|
3287
3312
|
if (auth) {
|
|
3288
3313
|
var username = utils$1.getSafeProp(auth, 'username') || '';
|
|
3289
3314
|
var password = utils$1.getSafeProp(auth, 'password') || '';
|
|
3290
|
-
|
|
3315
|
+
try {
|
|
3316
|
+
headers.set('Authorization', 'Basic ' + btoa(username + ':' + (password ? encodeUTF8$1(password) : '')));
|
|
3317
|
+
} catch (e) {
|
|
3318
|
+
throw AxiosError.from(e, AxiosError.ERR_BAD_OPTION_VALUE, config);
|
|
3319
|
+
}
|
|
3291
3320
|
}
|
|
3292
3321
|
if (utils$1.isFormData(data)) {
|
|
3293
3322
|
if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv || utils$1.isReactNative(data)) {
|
|
@@ -3492,6 +3521,7 @@
|
|
|
3492
3521
|
var protocol = parseProtocol(_config.url);
|
|
3493
3522
|
if (protocol && !platform.protocols.includes(protocol)) {
|
|
3494
3523
|
reject(new AxiosError('Unsupported protocol ' + protocol + ':', AxiosError.ERR_BAD_REQUEST, config));
|
|
3524
|
+
done();
|
|
3495
3525
|
return;
|
|
3496
3526
|
}
|
|
3497
3527
|
|
|
@@ -3531,7 +3561,9 @@
|
|
|
3531
3561
|
signals = null;
|
|
3532
3562
|
};
|
|
3533
3563
|
signals.forEach(function (signal) {
|
|
3534
|
-
return signal.addEventListener('abort', onabort
|
|
3564
|
+
return signal.addEventListener('abort', onabort, {
|
|
3565
|
+
once: true
|
|
3566
|
+
});
|
|
3535
3567
|
});
|
|
3536
3568
|
var signal = controller.signal;
|
|
3537
3569
|
signal.unsubscribe = function () {
|
|
@@ -3841,7 +3873,7 @@
|
|
|
3841
3873
|
return bytes;
|
|
3842
3874
|
}
|
|
3843
3875
|
|
|
3844
|
-
var VERSION = "1.18.
|
|
3876
|
+
var VERSION = "1.18.1";
|
|
3845
3877
|
|
|
3846
3878
|
var DEFAULT_CHUNK_SIZE = 64 * 1024;
|
|
3847
3879
|
var isFunction = utils$1.isFunction;
|
|
@@ -4045,7 +4077,7 @@
|
|
|
4045
4077
|
}();
|
|
4046
4078
|
return /*#__PURE__*/function () {
|
|
4047
4079
|
var _ref4 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee4(config) {
|
|
4048
|
-
var _resolveConfig, url, method, data, signal, cancelToken, timeout, onDownloadProgress, onUploadProgress, responseType, headers, _resolveConfig$withCr, withCredentials, fetchOptions, maxContentLength, maxBodyLength, hasMaxContentLength, hasMaxBodyLength, own, _fetch, composedSignal, request, unsubscribe, requestContentLength, pendingBodyError, maxBodyLengthError, auth, configAuth, username, password, parsedURL, urlUsername, urlPassword, estimated, outboundLength, mustEnforceStreamBody, trackRequestStream, _request, contentTypeHeader, _ref5, _ref6, onProgress, flush, isCredentialsSupported, contentType, resolvedOptions, response, responseHeaders, declaredLength, isStreamResponse, options, responseContentLength, _ref7, _ref8, _onProgress, _flush, bytesRead, onChunkProgress, responseData, materializedSize, canceledError, _t3, _t4;
|
|
4080
|
+
var _resolveConfig, url, method, data, signal, cancelToken, timeout, onDownloadProgress, onUploadProgress, responseType, headers, _resolveConfig$withCr, withCredentials, fetchOptions, maxContentLength, maxBodyLength, hasMaxContentLength, hasMaxBodyLength, own, _fetch, composedSignal, request, unsubscribe, requestContentLength, pendingBodyError, maxBodyLengthError, auth, configAuth, username, password, parsedURL, urlUsername, urlPassword, estimated, outboundLength, mustEnforceStreamBody, trackRequestStream, _request, contentTypeHeader, _ref5, _ref6, onProgress, flush, isCredentialsSupported, contentType, resolvedOptions, response, responseHeaders, declaredLength, isStreamResponse, options, responseContentLength, _ref7, _ref8, _onProgress, _flush, bytesRead, onChunkProgress, responseData, materializedSize, canceledError, networkError, _t3, _t4;
|
|
4049
4081
|
return _regenerator().w(function (_context4) {
|
|
4050
4082
|
while (1) switch (_context4.p = _context4.n) {
|
|
4051
4083
|
case 0:
|
|
@@ -4317,7 +4349,17 @@
|
|
|
4317
4349
|
canceledError = composedSignal.reason;
|
|
4318
4350
|
canceledError.config = config;
|
|
4319
4351
|
request && (canceledError.request = request);
|
|
4320
|
-
_t4 !== canceledError
|
|
4352
|
+
if (_t4 !== canceledError) {
|
|
4353
|
+
// Non-enumerable to match native Error `cause` semantics so loggers
|
|
4354
|
+
// don't recurse into circular fetch internals (see #7205).
|
|
4355
|
+
Object.defineProperty(canceledError, 'cause', {
|
|
4356
|
+
__proto__: null,
|
|
4357
|
+
value: _t4,
|
|
4358
|
+
writable: true,
|
|
4359
|
+
enumerable: false,
|
|
4360
|
+
configurable: true
|
|
4361
|
+
});
|
|
4362
|
+
}
|
|
4321
4363
|
throw canceledError;
|
|
4322
4364
|
case 17:
|
|
4323
4365
|
if (!pendingBodyError) {
|
|
@@ -4338,9 +4380,16 @@
|
|
|
4338
4380
|
_context4.n = 20;
|
|
4339
4381
|
break;
|
|
4340
4382
|
}
|
|
4341
|
-
|
|
4342
|
-
|
|
4383
|
+
networkError = new AxiosError('Network Error', AxiosError.ERR_NETWORK, config, request, _t4 && _t4.response); // Non-enumerable to match native Error `cause` semantics so loggers
|
|
4384
|
+
// don't recurse into circular fetch internals (see #7205).
|
|
4385
|
+
Object.defineProperty(networkError, 'cause', {
|
|
4386
|
+
__proto__: null,
|
|
4387
|
+
value: _t4.cause || _t4,
|
|
4388
|
+
writable: true,
|
|
4389
|
+
enumerable: false,
|
|
4390
|
+
configurable: true
|
|
4343
4391
|
});
|
|
4392
|
+
throw networkError;
|
|
4344
4393
|
case 20:
|
|
4345
4394
|
throw AxiosError.from(_t4, _t4 && _t4.code, config, request, _t4 && _t4.response);
|
|
4346
4395
|
case 21:
|
|
@@ -4472,7 +4521,7 @@
|
|
|
4472
4521
|
return "adapter ".concat(id, " ") + (state === false ? 'is not supported by the environment' : 'is not available in the build');
|
|
4473
4522
|
});
|
|
4474
4523
|
var s = length ? reasons.length > 1 ? 'since :\n' + reasons.map(renderReason).join('\n') : ' ' + renderReason(reasons[0]) : 'as no adapter specified';
|
|
4475
|
-
throw new AxiosError("There is no suitable adapter to dispatch the request " + s,
|
|
4524
|
+
throw new AxiosError("There is no suitable adapter to dispatch the request " + s, AxiosError.ERR_NOT_SUPPORT);
|
|
4476
4525
|
}
|
|
4477
4526
|
return adapter;
|
|
4478
4527
|
}
|
|
@@ -4615,7 +4664,7 @@
|
|
|
4615
4664
|
*/
|
|
4616
4665
|
|
|
4617
4666
|
function assertOptions(options, schema, allowUnknown) {
|
|
4618
|
-
if (_typeof(options) !== 'object') {
|
|
4667
|
+
if (_typeof(options) !== 'object' || options === null) {
|
|
4619
4668
|
throw new AxiosError('options must be an object', AxiosError.ERR_BAD_OPTION_VALUE);
|
|
4620
4669
|
}
|
|
4621
4670
|
var keys = Object.keys(options);
|