Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old withCredentials behavior; #6046

Merged
merged 36 commits into from
Nov 14, 2023
Merged

feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old withCredentials behavior; #6046

merged 36 commits into from
Nov 14, 2023
+118 −55

Conversation

DigitalBrainJS
Copy link
Collaborator

@DigitalBrainJS DigitalBrainJS commented Oct 30, 2023
edited

Since automatic XSRF token sending when the withCredentials option is set has become considered a vulnerability, although it could be disabled, the only practical solution is probably to add a separate option to control the sending of the token.
So now the user must explicitly set withXSRFToken to true to send XSRF token to third-party origins.
By default withXSRFToken is undefined - the token will be sent only to the same origin.
You can set it to false to disable setting the header at all. In practice, this is the same as setting xsrfCookieName or xsrfHeaderName to falsy.
To migrate from the old withCredential behavior (<v1.6.0), you should now use withXSRFToken along with withCredential.
You can emulate the old unsafe behavior with just one line:

axios.defaults.withXSRFToken = (config) => !!config.useCredentials;

See #6028

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.

@DigitalBrainJS
chore(ci): Add release-it script;
3f2f496
@DigitalBrainJS
Merge branch 'chore/release-it' into v1.x
1bfc41b
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
acaf0f4 
� Conflicts:
�	package-lock.json
�	package.json
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
8a5de86
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
cff9271
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
67afe20
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
dc7b66d
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
716eb59
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
10216bf
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
3b199f4
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
f3d444f
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
077c381
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
f598657
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
7bf5713
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
81a8bd6
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
f8bb158
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
3f1c768
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
a9b0418
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
1a16f4e
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
5e22e2f
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
b7c77b0
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
2200038
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
df38e0c
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
878548a
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
7a33bcd
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
5cafdeb
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
f0e6b28
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
98371b0
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
bee6e45
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
c97df04
@JimsonXD JimsonXD mentioned this pull request May 24, 2024
Open
@sergivj sergivj mentioned this pull request May 24, 2024
Open
@maxfrn65 maxfrn65 mentioned this pull request May 24, 2024
Open
@S0nG0ku0 S0nG0ku0 mentioned this pull request May 25, 2024
Open
@gaohongwei11 gaohongwei11 mentioned this pull request May 25, 2024
Open
@irklva irklva mentioned this pull request May 25, 2024
Open
@radmanlo radmanlo mentioned this pull request May 25, 2024
Open
@NAonlines NAonlines mentioned this pull request May 25, 2024
Open
@NOUIY NOUIY mentioned this pull request May 25, 2024
Open
@nc-minh nc-minh mentioned this pull request May 25, 2024
Open
@NouranMohamedFouad NouranMohamedFouad mentioned this pull request May 25, 2024
Open
@abdu11aev-samandar abdu11aev-samandar mentioned this pull request May 25, 2024
Open
@Patsy101 Patsy101 mentioned this pull request May 25, 2024
Open
@ilshaad ilshaad mentioned this pull request May 25, 2024
Open
@Azzraya Azzraya mentioned this pull request May 25, 2024
Open
@CharleBulla1 CharleBulla1 mentioned this pull request May 25, 2024
Open
@devcurt696 devcurt696 mentioned this pull request May 25, 2024
Open
@Gokuljayan494 Gokuljayan494 mentioned this pull request May 25, 2024
Open
@marjoriekohn marjoriekohn mentioned this pull request May 25, 2024
Open
@m1kql m1kql mentioned this pull request May 25, 2024
Open
@nejidevelops nejidevelops mentioned this pull request May 26, 2024
Open
@retr0reg retr0reg mentioned this pull request May 26, 2024
Open
@OKEAMAH OKEAMAH mentioned this pull request May 26, 2024
Open
@nachodev-ui nachodev-ui mentioned this pull request May 26, 2024
Open
This was referenced May 27, 2024
Open
Open
Open
@seahare-slug seahare-slug mentioned this pull request May 30, 2024
Open
@ArjunBhardwaj3 ArjunBhardwaj3 mentioned this pull request May 31, 2024
Open
@cs-sagarmalve cs-sagarmalve mentioned this pull request Jun 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
add_to_changelog Add the PR to changelog when releasing v1.6.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@DigitalBrainJS @xHeaven @jasonsaayman @adarrel753