Skip to content

Commit b3be365

Browse files
chore(release): v1.6.2 (#6082)
Co-authored-by: DigitalBrainJS <DigitalBrainJS@users.noreply.github.com>
1 parent 8739acb commit b3be365

17 files changed

Lines changed: 209 additions & 202 deletions

CHANGELOG.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,27 @@
11
# Changelog
22

3+
## [1.6.2](https://github.com/axios/axios/compare/v1.6.1...v1.6.2) (2023-11-14)
4+
5+
6+
### Features
7+
8+
* **withXSRFToken:** added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ([#6046](https://github.com/axios/axios/issues/6046)) ([cff9967](https://github.com/axios/axios/commit/cff996779b272a5e94c2b52f5503ccf668bc42dc))
9+
10+
### PRs
11+
- feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old &#x60;withCredentials&#x60; behavior; ( [#6046](https://api.github.com/repos/axios/axios/pulls/6046) )
12+
```
13+
14+
📢 This PR added &#x27;withXSRFToken&#x27; option as a replacement for old withCredentials behaviour.
15+
You should now use withXSRFToken along with withCredential to get the old behavior.
16+
This functionality is considered as a fix.
17+
```
18+
19+
### Contributors to this release
20+
21+
- <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+271/-146 (#6081 #6080 #6079 #6078 #6046 #6064 #6063 )")
22+
- <img src="https://avatars.githubusercontent.com/u/79681367?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Ng Choon Khon (CK)](https://github.com/ckng0221 "+4/-4 (#6073 )")
23+
- <img src="https://avatars.githubusercontent.com/u/9162827?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Muhammad Noman](https://github.com/mnomanmemon "+2/-2 (#6048 )")
24+
325
## [1.6.1](https://github.com/axios/axios/compare/v1.6.0...v1.6.1) (2023-11-08)
426

527

@@ -13,6 +35,15 @@
1335
- <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+432/-65 (#6059 #6056 #6055 )")
1436
- <img src="https://avatars.githubusercontent.com/u/3982806?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Fabian Meyer](https://github.com/meyfa "+5/-2 (#5835 )")
1537

38+
### PRs
39+
- feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old &#x60;withCredentials&#x60; behavior; ( [#6046](https://api.github.com/repos/axios/axios/pulls/6046) )
40+
```
41+
42+
📢 This PR added &#x27;withXSRFToken&#x27; option as a replacement for old withCredentials behaviour.
43+
You should now use withXSRFToken along with withCredential to get the old behavior.
44+
This functionality is considered as a fix.
45+
```
46+
1647
# [1.6.0](https://github.com/axios/axios/compare/v1.5.1...v1.6.0) (2023-10-26)
1748

1849

bower.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"name": "axios",
33
"main": "./dist/axios.js",
4-
"version": "1.6.1",
4+
"version": "1.6.2",
55
"homepage": "https://axios-http.com",
66
"authors": [
77
"Matt Zabriskie"

dist/axios.js

Lines changed: 38 additions & 47 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/axios.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/axios.min.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/axios.min.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/browser/axios.cjs

Lines changed: 42 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
// Axios v1.6.1 Copyright (c) 2023 Matt Zabriskie and contributors
1+
// Axios v1.6.2 Copyright (c) 2023 Matt Zabriskie and contributors
22
'use strict';
33

44
function bind(fn, thisArg) {
@@ -1960,51 +1960,42 @@ function settle(resolve, reject, response) {
19601960

19611961
var cookies = platform.hasStandardBrowserEnv ?
19621962

1963-
// Standard browser envs support document.cookie
1964-
(function standardBrowserEnv() {
1965-
return {
1966-
write: function write(name, value, expires, path, domain, secure) {
1967-
const cookie = [];
1968-
cookie.push(name + '=' + encodeURIComponent(value));
1963+
// Standard browser envs support document.cookie
1964+
{
1965+
write(name, value, expires, path, domain, secure) {
1966+
const cookie = [name + '=' + encodeURIComponent(value)];
19691967

1970-
if (utils$1.isNumber(expires)) {
1971-
cookie.push('expires=' + new Date(expires).toGMTString());
1972-
}
1968+
utils$1.isNumber(expires) && cookie.push('expires=' + new Date(expires).toGMTString());
19731969

1974-
if (utils$1.isString(path)) {
1975-
cookie.push('path=' + path);
1976-
}
1970+
utils$1.isString(path) && cookie.push('path=' + path);
19771971

1978-
if (utils$1.isString(domain)) {
1979-
cookie.push('domain=' + domain);
1980-
}
1972+
utils$1.isString(domain) && cookie.push('domain=' + domain);
19811973

1982-
if (secure === true) {
1983-
cookie.push('secure');
1984-
}
1974+
secure === true && cookie.push('secure');
19851975

1986-
document.cookie = cookie.join('; ');
1987-
},
1976+
document.cookie = cookie.join('; ');
1977+
},
19881978

1989-
read: function read(name) {
1990-
const match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
1991-
return (match ? decodeURIComponent(match[3]) : null);
1992-
},
1979+
read(name) {
1980+
const match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
1981+
return (match ? decodeURIComponent(match[3]) : null);
1982+
},
19931983

1994-
remove: function remove(name) {
1995-
this.write(name, '', Date.now() - 86400000);
1996-
}
1997-
};
1998-
})() :
1984+
remove(name) {
1985+
this.write(name, '', Date.now() - 86400000);
1986+
}
1987+
}
19991988

2000-
// Non standard browser env (web workers, react-native) lack needed support.
2001-
(function nonStandardBrowserEnv() {
2002-
return {
2003-
write: function write() {},
2004-
read: function read() { return null; },
2005-
remove: function remove() {}
2006-
};
2007-
})();
1989+
:
1990+
1991+
// Non-standard browser env (web workers, react-native) lack needed support.
1992+
{
1993+
write() {},
1994+
read() {
1995+
return null;
1996+
},
1997+
remove() {}
1998+
};
20081999

20092000
/**
20102001
* Determines whether the specified URL is absolute
@@ -2061,7 +2052,7 @@ var isURLSameOrigin = platform.hasStandardBrowserEnv ?
20612052
let originURL;
20622053

20632054
/**
2064-
* Parse a URL to discover it's components
2055+
* Parse a URL to discover its components
20652056
*
20662057
* @param {String} url The URL to be parsed
20672058
* @returns {Object}
@@ -2206,7 +2197,7 @@ var xhrAdapter = isXHRAdapterSupported && function (config) {
22062197
return new Promise(function dispatchXhrRequest(resolve, reject) {
22072198
let requestData = config.data;
22082199
const requestHeaders = AxiosHeaders$1.from(config.headers).normalize();
2209-
const responseType = config.responseType;
2200+
let {responseType, withXSRFToken} = config;
22102201
let onCanceled;
22112202
function done() {
22122203
if (config.cancelToken) {
@@ -2342,13 +2333,16 @@ var xhrAdapter = isXHRAdapterSupported && function (config) {
23422333
// Add xsrf header
23432334
// This is only done if running in a standard browser environment.
23442335
// Specifically not if we're in a web worker, or react-native.
2345-
if (platform.hasStandardBrowserEnv) {
2346-
// Add xsrf header
2347-
// regarding CVE-2023-45857 config.withCredentials condition was removed temporarily
2348-
const xsrfValue = isURLSameOrigin(fullPath) && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
2336+
if(platform.hasStandardBrowserEnv) {
2337+
withXSRFToken && utils$1.isFunction(withXSRFToken) && (withXSRFToken = withXSRFToken(config));
23492338

2350-
if (xsrfValue) {
2351-
requestHeaders.set(config.xsrfHeaderName, xsrfValue);
2339+
if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(fullPath))) {
2340+
// Add xsrf header
2341+
const xsrfValue = config.xsrfHeaderName && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
2342+
2343+
if (xsrfValue) {
2344+
requestHeaders.set(config.xsrfHeaderName, xsrfValue);
2345+
}
23522346
}
23532347
}
23542348

@@ -2631,6 +2625,7 @@ function mergeConfig(config1, config2) {
26312625
timeout: defaultToConfig2,
26322626
timeoutMessage: defaultToConfig2,
26332627
withCredentials: defaultToConfig2,
2628+
withXSRFToken: defaultToConfig2,
26342629
adapter: defaultToConfig2,
26352630
responseType: defaultToConfig2,
26362631
xsrfCookieName: defaultToConfig2,
@@ -2660,7 +2655,7 @@ function mergeConfig(config1, config2) {
26602655
return config;
26612656
}
26622657

2663-
const VERSION = "1.6.1";
2658+
const VERSION = "1.6.2";
26642659

26652660
const validators$1 = {};
26662661

dist/browser/axios.cjs.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)