|
1 | | -// Axios v1.6.1 Copyright (c) 2023 Matt Zabriskie and contributors |
| 1 | +// Axios v1.6.2 Copyright (c) 2023 Matt Zabriskie and contributors |
2 | 2 | 'use strict'; |
3 | 3 |
|
4 | 4 | function bind(fn, thisArg) { |
@@ -1960,51 +1960,42 @@ function settle(resolve, reject, response) { |
1960 | 1960 |
|
1961 | 1961 | var cookies = platform.hasStandardBrowserEnv ? |
1962 | 1962 |
|
1963 | | -// Standard browser envs support document.cookie |
1964 | | - (function standardBrowserEnv() { |
1965 | | - return { |
1966 | | - write: function write(name, value, expires, path, domain, secure) { |
1967 | | - const cookie = []; |
1968 | | - cookie.push(name + '=' + encodeURIComponent(value)); |
| 1963 | + // Standard browser envs support document.cookie |
| 1964 | + { |
| 1965 | + write(name, value, expires, path, domain, secure) { |
| 1966 | + const cookie = [name + '=' + encodeURIComponent(value)]; |
1969 | 1967 |
|
1970 | | - if (utils$1.isNumber(expires)) { |
1971 | | - cookie.push('expires=' + new Date(expires).toGMTString()); |
1972 | | - } |
| 1968 | + utils$1.isNumber(expires) && cookie.push('expires=' + new Date(expires).toGMTString()); |
1973 | 1969 |
|
1974 | | - if (utils$1.isString(path)) { |
1975 | | - cookie.push('path=' + path); |
1976 | | - } |
| 1970 | + utils$1.isString(path) && cookie.push('path=' + path); |
1977 | 1971 |
|
1978 | | - if (utils$1.isString(domain)) { |
1979 | | - cookie.push('domain=' + domain); |
1980 | | - } |
| 1972 | + utils$1.isString(domain) && cookie.push('domain=' + domain); |
1981 | 1973 |
|
1982 | | - if (secure === true) { |
1983 | | - cookie.push('secure'); |
1984 | | - } |
| 1974 | + secure === true && cookie.push('secure'); |
1985 | 1975 |
|
1986 | | - document.cookie = cookie.join('; '); |
1987 | | - }, |
| 1976 | + document.cookie = cookie.join('; '); |
| 1977 | + }, |
1988 | 1978 |
|
1989 | | - read: function read(name) { |
1990 | | - const match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)')); |
1991 | | - return (match ? decodeURIComponent(match[3]) : null); |
1992 | | - }, |
| 1979 | + read(name) { |
| 1980 | + const match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)')); |
| 1981 | + return (match ? decodeURIComponent(match[3]) : null); |
| 1982 | + }, |
1993 | 1983 |
|
1994 | | - remove: function remove(name) { |
1995 | | - this.write(name, '', Date.now() - 86400000); |
1996 | | - } |
1997 | | - }; |
1998 | | - })() : |
| 1984 | + remove(name) { |
| 1985 | + this.write(name, '', Date.now() - 86400000); |
| 1986 | + } |
| 1987 | + } |
1999 | 1988 |
|
2000 | | -// Non standard browser env (web workers, react-native) lack needed support. |
2001 | | - (function nonStandardBrowserEnv() { |
2002 | | - return { |
2003 | | - write: function write() {}, |
2004 | | - read: function read() { return null; }, |
2005 | | - remove: function remove() {} |
2006 | | - }; |
2007 | | - })(); |
| 1989 | + : |
| 1990 | + |
| 1991 | + // Non-standard browser env (web workers, react-native) lack needed support. |
| 1992 | + { |
| 1993 | + write() {}, |
| 1994 | + read() { |
| 1995 | + return null; |
| 1996 | + }, |
| 1997 | + remove() {} |
| 1998 | + }; |
2008 | 1999 |
|
2009 | 2000 | /** |
2010 | 2001 | * Determines whether the specified URL is absolute |
@@ -2061,7 +2052,7 @@ var isURLSameOrigin = platform.hasStandardBrowserEnv ? |
2061 | 2052 | let originURL; |
2062 | 2053 |
|
2063 | 2054 | /** |
2064 | | - * Parse a URL to discover it's components |
| 2055 | + * Parse a URL to discover its components |
2065 | 2056 | * |
2066 | 2057 | * @param {String} url The URL to be parsed |
2067 | 2058 | * @returns {Object} |
@@ -2206,7 +2197,7 @@ var xhrAdapter = isXHRAdapterSupported && function (config) { |
2206 | 2197 | return new Promise(function dispatchXhrRequest(resolve, reject) { |
2207 | 2198 | let requestData = config.data; |
2208 | 2199 | const requestHeaders = AxiosHeaders$1.from(config.headers).normalize(); |
2209 | | - const responseType = config.responseType; |
| 2200 | + let {responseType, withXSRFToken} = config; |
2210 | 2201 | let onCanceled; |
2211 | 2202 | function done() { |
2212 | 2203 | if (config.cancelToken) { |
@@ -2342,13 +2333,16 @@ var xhrAdapter = isXHRAdapterSupported && function (config) { |
2342 | 2333 | // Add xsrf header |
2343 | 2334 | // This is only done if running in a standard browser environment. |
2344 | 2335 | // Specifically not if we're in a web worker, or react-native. |
2345 | | - if (platform.hasStandardBrowserEnv) { |
2346 | | - // Add xsrf header |
2347 | | - // regarding CVE-2023-45857 config.withCredentials condition was removed temporarily |
2348 | | - const xsrfValue = isURLSameOrigin(fullPath) && config.xsrfCookieName && cookies.read(config.xsrfCookieName); |
| 2336 | + if(platform.hasStandardBrowserEnv) { |
| 2337 | + withXSRFToken && utils$1.isFunction(withXSRFToken) && (withXSRFToken = withXSRFToken(config)); |
2349 | 2338 |
|
2350 | | - if (xsrfValue) { |
2351 | | - requestHeaders.set(config.xsrfHeaderName, xsrfValue); |
| 2339 | + if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(fullPath))) { |
| 2340 | + // Add xsrf header |
| 2341 | + const xsrfValue = config.xsrfHeaderName && config.xsrfCookieName && cookies.read(config.xsrfCookieName); |
| 2342 | + |
| 2343 | + if (xsrfValue) { |
| 2344 | + requestHeaders.set(config.xsrfHeaderName, xsrfValue); |
| 2345 | + } |
2352 | 2346 | } |
2353 | 2347 | } |
2354 | 2348 |
|
@@ -2631,6 +2625,7 @@ function mergeConfig(config1, config2) { |
2631 | 2625 | timeout: defaultToConfig2, |
2632 | 2626 | timeoutMessage: defaultToConfig2, |
2633 | 2627 | withCredentials: defaultToConfig2, |
| 2628 | + withXSRFToken: defaultToConfig2, |
2634 | 2629 | adapter: defaultToConfig2, |
2635 | 2630 | responseType: defaultToConfig2, |
2636 | 2631 | xsrfCookieName: defaultToConfig2, |
@@ -2660,7 +2655,7 @@ function mergeConfig(config1, config2) { |
2660 | 2655 | return config; |
2661 | 2656 | } |
2662 | 2657 |
|
2663 | | -const VERSION = "1.6.1"; |
| 2658 | +const VERSION = "1.6.2"; |
2664 | 2659 |
|
2665 | 2660 | const validators$1 = {}; |
2666 | 2661 |
|
|
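Review bot: In the xhrAdapter hunk (new lines 2336–2345), the test `if (withXSRFToken || ...)` treats any truthy value as an opt-in, so a non-boolean setting such as the string `'false'`, or a callback returning a non-boolean truthy value, attaches the XSRF cookie value to cross-origin requests, which is the kind of token exposure the CVE-2023-45857 comment on the removed side refers to. A strict comparison keeps the same-origin default for anything that is not an explicit opt-in: `if (withXSRFToken === true || (withXSRFToken !== false && isURLSameOrigin(fullPath))) {`. The new side also drops the CVE reference without replacing it; a comment such as `// XSRF token is sent to same-origin requests only unless withXSRFToken is explicitly true (CVE-2023-45857)` would record why the default is restrictive. The `utils$1`/`AxiosHeaders$1` names suggest this file is a bundled build, so the change presumably belongs in the source module it is generated from; the adapter function starts and ends outside the hunk.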