axios 1.6.1 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of axios might be problematic. Click here for more details.

Files changed (23) hide show
  1. package/CHANGELOG.md +44 -0
  2. package/README.md +19 -7
  3. package/dist/axios.js +39 -48
  4. package/dist/axios.js.map +1 -1
  5. package/dist/axios.min.js +1 -1
  6. package/dist/axios.min.js.map +1 -1
  7. package/dist/browser/axios.cjs +43 -48
  8. package/dist/browser/axios.cjs.map +1 -1
  9. package/dist/esm/axios.js +43 -48
  10. package/dist/esm/axios.js.map +1 -1
  11. package/dist/esm/axios.min.js +1 -1
  12. package/dist/esm/axios.min.js.map +1 -1
  13. package/dist/node/axios.cjs +43 -48
  14. package/dist/node/axios.cjs.map +1 -1
  15. package/index.d.cts +1 -0
  16. package/index.d.ts +1 -0
  17. package/lib/adapters/xhr.js +10 -7
  18. package/lib/core/mergeConfig.js +1 -0
  19. package/lib/env/data.js +1 -1
  20. package/lib/helpers/combineURLs.js +1 -1
  21. package/lib/helpers/cookies.js +37 -47
  22. package/lib/helpers/isURLSameOrigin.js +1 -1
  23. package/package.json +1 -1
package/index.d.cts CHANGED
@@ -414,6 +414,7 @@ declare namespace axios {
414
414
  family?: AddressFamily;
415
415
  lookup?: ((hostname: string, options: object, cb: (err: Error | null, address: LookupAddress | LookupAddress[], family?: AddressFamily) => void) => void) |
416
416
  ((hostname: string, options: object) => Promise<[address: LookupAddressEntry | LookupAddressEntry[], family?: AddressFamily] | LookupAddress>);
417
+ withXSRFToken?: boolean | ((config: InternalAxiosRequestConfig) => boolean | undefined);
417
418
  }
418
419
 
419
420
  // Alias
package/index.d.ts CHANGED
@@ -355,6 +355,7 @@ export interface AxiosRequestConfig<D = any> {
355
355
  family?: AddressFamily;
356
356
  lookup?: ((hostname: string, options: object, cb: (err: Error | null, address: LookupAddress | LookupAddress[], family?: AddressFamily) => void) => void) |
357
357
  ((hostname: string, options: object) => Promise<[address: LookupAddressEntry | LookupAddressEntry[], family?: AddressFamily] | LookupAddress>);
358
+ withXSRFToken?: boolean | ((config: InternalAxiosRequestConfig) => boolean | undefined);
358
359
  }
359
360
 
360
361
  // Alias
package/lib/adapters/xhr.js CHANGED
@@ -49,7 +49,7 @@ export default isXHRAdapterSupported && function (config) {
49
49
  return new Promise(function dispatchXhrRequest(resolve, reject) {
50
50
  let requestData = config.data;
51
51
  const requestHeaders = AxiosHeaders.from(config.headers).normalize();
52
- const responseType = config.responseType;
52
+ let {responseType, withXSRFToken} = config;
53
53
  let onCanceled;
54
54
  function done() {
55
55
  if (config.cancelToken) {
@@ -185,13 +185,16 @@ export default isXHRAdapterSupported && function (config) {
185
185
  // Add xsrf header
186
186
  // This is only done if running in a standard browser environment.
187
187
  // Specifically not if we're in a web worker, or react-native.
188
- if (platform.hasStandardBrowserEnv) {
189
- // Add xsrf header
190
- // regarding CVE-2023-45857 config.withCredentials condition was removed temporarily
191
- const xsrfValue = isURLSameOrigin(fullPath) && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
188
+ if(platform.hasStandardBrowserEnv) {
189
+ withXSRFToken && utils.isFunction(withXSRFToken) && (withXSRFToken = withXSRFToken(config));
192
190
 
193
- if (xsrfValue) {
194
- requestHeaders.set(config.xsrfHeaderName, xsrfValue);
191
+ if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(fullPath))) {
192
+ // Add xsrf header
193
+ const xsrfValue = config.xsrfHeaderName && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
194
+
195
+ if (xsrfValue) {
196
+ requestHeaders.set(config.xsrfHeaderName, xsrfValue);
197
+ }
195
198
  }
196
199
  }
197
200
 
package/lib/core/mergeConfig.js CHANGED
@@ -75,6 +75,7 @@ export default function mergeConfig(config1, config2) {
75
75
  timeout: defaultToConfig2,
76
76
  timeoutMessage: defaultToConfig2,
77
77
  withCredentials: defaultToConfig2,
78
+ withXSRFToken: defaultToConfig2,
78
79
  adapter: defaultToConfig2,
79
80
  responseType: defaultToConfig2,
80
81
  xsrfCookieName: defaultToConfig2,
package/lib/env/data.js CHANGED
@@ -1 +1 @@
1
- export const VERSION = "1.6.1";
1
+ export const VERSION = "1.6.3";
package/lib/helpers/combineURLs.js CHANGED
@@ -10,6 +10,6 @@
10
10
  */
11
11
  export default function combineURLs(baseURL, relativeURL) {
12
12
  return relativeURL
13
- ? baseURL.replace(/\/+$/, '') + '/' + relativeURL.replace(/^\/+/, '')
13
+ ? baseURL.replace(/\/?\/$/, '') + '/' + relativeURL.replace(/^\/+/, '')
14
14
  : baseURL;
15
15
  }
package/lib/helpers/cookies.js CHANGED
@@ -1,52 +1,42 @@
1
- 'use strict';
2
-
3
1
  import utils from './../utils.js';
4
2
  import platform from '../platform/index.js';
5
3
 
6
4
  export default platform.hasStandardBrowserEnv ?
7
5
 
8
- // Standard browser envs support document.cookie
9
- (function standardBrowserEnv() {
10
- return {
11
- write: function write(name, value, expires, path, domain, secure) {
12
- const cookie = [];
13
- cookie.push(name + '=' + encodeURIComponent(value));
14
-
15
- if (utils.isNumber(expires)) {
16
- cookie.push('expires=' + new Date(expires).toGMTString());
17
- }
18
-
19
- if (utils.isString(path)) {
20
- cookie.push('path=' + path);
21
- }
22
-
23
- if (utils.isString(domain)) {
24
- cookie.push('domain=' + domain);
25
- }
26
-
27
- if (secure === true) {
28
- cookie.push('secure');
29
- }
30
-
31
- document.cookie = cookie.join('; ');
32
- },
33
-
34
- read: function read(name) {
35
- const match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
36
- return (match ? decodeURIComponent(match[3]) : null);
37
- },
38
-
39
- remove: function remove(name) {
40
- this.write(name, '', Date.now() - 86400000);
41
- }
42
- };
43
- })() :
44
-
45
- // Non standard browser env (web workers, react-native) lack needed support.
46
- (function nonStandardBrowserEnv() {
47
- return {
48
- write: function write() {},
49
- read: function read() { return null; },
50
- remove: function remove() {}
51
- };
52
- })();
6
+ // Standard browser envs support document.cookie
7
+ {
8
+ write(name, value, expires, path, domain, secure) {
9
+ const cookie = [name + '=' + encodeURIComponent(value)];
10
+
11
+ utils.isNumber(expires) && cookie.push('expires=' + new Date(expires).toGMTString());
12
+
13
+ utils.isString(path) && cookie.push('path=' + path);
14
+
15
+ utils.isString(domain) && cookie.push('domain=' + domain);
16
+
17
+ secure === true && cookie.push('secure');
18
+
19
+ document.cookie = cookie.join('; ');
20
+ },
21
+
22
+ read(name) {
23
+ const match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
24
+ return (match ? decodeURIComponent(match[3]) : null);
25
+ },
26
+
27
+ remove(name) {
28
+ this.write(name, '', Date.now() - 86400000);
29
+ }
30
+ }
31
+
32
+ :
33
+
34
+ // Non-standard browser env (web workers, react-native) lack needed support.
35
+ {
36
+ write() {},
37
+ read() {
38
+ return null;
39
+ },
40
+ remove() {}
41
+ };
42
+
package/lib/helpers/isURLSameOrigin.js CHANGED
@@ -13,7 +13,7 @@ export default platform.hasStandardBrowserEnv ?
13
13
  let originURL;
14
14
 
15
15
  /**
16
- * Parse a URL to discover it's components
16
+ * Parse a URL to discover its components
17
17
  *
18
18
  * @param {String} url The URL to be parsed
19
19
  * @returns {Object}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "axios",
3
- "version": "1.6.1",
3
+ "version": "1.6.3",
4
4
  "description": "Promise based HTTP client for the browser and node.js",
5
5
  "main": "index.js",
6
6
  "exports": {