Merge pull request #406 from pracucci/master

Fixing xsrf header on missing xsrfCookieName

Merge pull request #406 from pracucci/master
Fixing xsrf header on missing xsrfCookieName
6132d963 · Nick Uraltsev · GitHub · 8abe0d40 · e861a6cf · 6132d963
隐藏空白更改
内联并排

Showing with 29 addition and 1 deletion

lib/adapters/xhr.js lib/adapters/xhr.js +1 -1

test/specs/xsrf.spec.js test/specs/xsrf.spec.js +28 -0

未找到文件。
--- a/lib/adapters/xhr.js
+++ b/lib/adapters/xhr.js
@@ -103,7 +103,7 @@ module.exports = function xhrAdapter(config) {
      var cookies = require('./../helpers/cookies');

      // Add xsrf header
-      var xsrfValue = config.withCredentials || isURLSameOrigin(config.url) ?
+      var xsrfValue = (config.withCredentials || isURLSameOrigin(config.url)) && config.xsrfCookieName ?
          cookies.read(config.xsrfCookieName) :
          undefined;


--- a/test/specs/xsrf.spec.js
+++ b/test/specs/xsrf.spec.js
+var cookies = require('../../lib/helpers/cookies');
+
 describe('xsrf', function () {
  beforeEach(function () {
    jasmine.Ajax.install();
@@ -28,6 +30,32 @@ describe('xsrf', function () {
    });
  });

+  it('should not set xsrf header if xsrfCookieName is null', function (done) {
+    document.cookie = axios.defaults.xsrfCookieName + '=12345';
+
+    axios('/foo', {
+      xsrfCookieName: null
+    });
+
+    getAjaxRequest().then(function (request) {
+      expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual(undefined);
+      done();
+    });
+  });
+
+  it('should not read cookies at all if xsrfCookieName is null', function (done) {
+    spyOn(cookies, "read");
+
+    axios('/foo', {
+      xsrfCookieName: null
+    });
+
+    getAjaxRequest().then(function (request) {
+      expect(cookies.read).not.toHaveBeenCalled();
+      done();
+    });
+  });
+
  it('should not set xsrf header for cross origin', function (done) {
    document.cookie = axios.defaults.xsrfCookieName + '=12345';