Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[10.x] Add new Axios v1.6.2 withXSRFToken option to documentation #9152

Merged
merged 2 commits into from Nov 22, 2023
Merged

[10.x] Add new Axios v1.6.2 withXSRFToken option to documentation #9152

merged 2 commits into from Nov 22, 2023

Conversation

stevebauman
Copy link
Contributor

@stevebauman stevebauman commented Nov 22, 2023
edited

In later versions of Axios (v1.6.0) the withCredentials credentials option has had a breaking change in regards to automatically forwarding XSRF tokens to third party domains / subdomains. In response to this breaking change, Axios has re-added the functionality back in via a withXSRFToken option. Here are the issue links (in oldest to latest order):

CVE Issue: axios/axios#6006
CVE Fix: axios/axios#6028
XSRFToken Option Addition: axios/axios#6046

From the new option's PR:

馃摙 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix

@taylorotwell taylorotwell merged commit f708a58 into laravel:10.x Nov 22, 2023
@stevebauman stevebauman deleted the patch-4 branch November 22, 2023 19:53
@StefanPrintezis StefanPrintezis mentioned this pull request Nov 26, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@stevebauman @taylorotwell