Fixing xsrf header on missing xsrfCookieName

85b90158 · Marco Pracucci · 8abe0d40 · 85b90158 · 85b90158
隐藏空白更改
内联并排

Showing with 14 addition and 1 deletion

lib/adapters/xhr.js lib/adapters/xhr.js +1 -1

test/specs/xsrf.spec.js test/specs/xsrf.spec.js +13 -0

未找到文件。
--- a/lib/adapters/xhr.js
+++ b/lib/adapters/xhr.js
@@ -103,7 +103,7 @@ module.exports = function xhrAdapter(config) {
      var cookies = require('./../helpers/cookies');

      // Add xsrf header
-      var xsrfValue = config.withCredentials || isURLSameOrigin(config.url) ?
+      var xsrfValue = (config.withCredentials || isURLSameOrigin(config.url)) && config.xsrfCookieName ?
          cookies.read(config.xsrfCookieName) :
          undefined;


--- a/test/specs/xsrf.spec.js
+++ b/test/specs/xsrf.spec.js
@@ -28,6 +28,19 @@ describe('xsrf', function () {
    });
  });

+  it('should not set xsrf header if xsrfCookieName is null', function (done) {
+    document.cookie = axios.defaults.xsrfCookieName + '=12345';
+
+    axios('/foo', {
+      xsrfCookieName: null
+    });
+
+    getAjaxRequest().then(function (request) {
+      expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual(undefined);
+      done();
+    });
+  });
+
  it('should not set xsrf header for cross origin', function (done) {
    document.cookie = axios.defaults.xsrfCookieName + '=12345';