Merging master

README.md

@@ -322,7 +322,7 @@ The response for a request contains the following information.
 }
 ```
 
-When using `then` or `catch`, you will receive the response as follows:
+When using `then`, you will receive the response as follows:
 
 ```js
 axios.get('/user/12345')
@@ -332,9 +332,11 @@ axios.get('/user/12345')
     console.log(response.statusText);
     console.log(response.headers);
     console.log(response.config);
-});
+  });
 ```
 
+When using `catch`, or passing a [rejection callback](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/then) as second parameter of `then`, the response will be available through the `error` object as explained in the [Handling Errors](#handling-errors) section.
+
 ## Config Defaults
 
 You can specify config defaults that will be applied to every request.

lib/adapters/http.js

@@ -62,6 +62,10 @@ module.exports = function httpAdapter(config) {
       auth = urlUsername + ':' + urlPassword;
     }
 
+    if (auth) {
+      delete headers.Authorization;
+    }
+
     var isHttps = parsed.protocol === 'https:';
     var agent = isHttps ? config.httpsAgent : config.httpAgent;
 

lib/adapters/xhr.js

@@ -103,7 +103,7 @@ module.exports = function xhrAdapter(config) {
       var cookies = require('./../helpers/cookies');
 
       // Add xsrf header
-      var xsrfValue = config.withCredentials || isURLSameOrigin(config.url) ?
+      var xsrfValue = (config.withCredentials || isURLSameOrigin(config.url)) && config.xsrfCookieName ?
           cookies.read(config.xsrfCookieName) :
           undefined;
 

test/specs/xsrf.spec.js

@@ -1,3 +1,5 @@
+var cookies = require('../../lib/helpers/cookies');
+
 describe('xsrf', function () {
   beforeEach(function () {
     jasmine.Ajax.install();
@@ -28,6 +30,32 @@ describe('xsrf', function () {
     });
   });
 
+  it('should not set xsrf header if xsrfCookieName is null', function (done) {
+    document.cookie = axios.defaults.xsrfCookieName + '=12345';
+
+    axios('/foo', {
+      xsrfCookieName: null
+    });
+
+    getAjaxRequest().then(function (request) {
+      expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual(undefined);
+      done();
+    });
+  });
+
+  it('should not read cookies at all if xsrfCookieName is null', function (done) {
+    spyOn(cookies, "read");
+
+    axios('/foo', {
+      xsrfCookieName: null
+    });
+
+    getAjaxRequest().then(function (request) {
+      expect(cookies.read).not.toHaveBeenCalled();
+      done();
+    });
+  });
+
   it('should not set xsrf header for cross origin', function (done) {
     document.cookie = axios.defaults.xsrfCookieName + '=12345';
 

test/unit/adapters/http.js

@@ -168,7 +168,8 @@ module.exports = {
       res.end(req.headers.authorization);
     }).listen(4444, function () {
       var user = 'foo';
-      axios.get('http://' + user + '@localhost:4444/').then(function (res) {
+      var headers = { Authorization: 'Bearer 1234' };
+      axios.get('http://' + user + '@localhost:4444/', { headers: headers }).then(function (res) {
         var base64 = new Buffer(user + ':', 'utf8').toString('base64');
         test.equal(res.data, 'Basic ' + base64);
         test.done();
@@ -176,6 +177,20 @@ module.exports = {
     });
   },
 
+  testBasicAuthWithHeader: function (test) {
+    server = http.createServer(function (req, res) {
+      res.end(req.headers.authorization);
+    }).listen(4444, function () {
+      var auth = { username: 'foo', password: 'bar' };
+      var headers = { Authorization: 'Bearer 1234' };
+      axios.get('http://localhost:4444/', { auth: auth, headers: headers }).then(function (res) {
+        var base64 = new Buffer('foo:bar', 'utf8').toString('base64');
+        test.equal(res.data, 'Basic ' + base64);
+        test.done();
+      });
+    });
+  },
+
   testMaxContentLength: function(test) {
     var str = Array(100000).join('ж');