From 1ffcbb0369cd241077f610600cc6e61e092afba1 Mon Sep 17 00:00:00 2001
From: Christian Schuhmann
Date: Wed, 3 Aug 2016 12:16:55 +0200
Subject: [PATCH 1/4] Fixing Authorization header with basic auth The http adapater did not remove a custom Authorization header when auth is set.
---
 lib/adapters/http.js | 4 ++++
 test/unit/adapters/http.js | 17 ++++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/lib/adapters/http.js b/lib/adapters/http.js
index 21b02ae..bf01831 100644
--- a/lib/adapters/http.js
+++ b/lib/adapters/http.js
@@ -62,6 +62,10 @@ module.exports = function httpAdapter(config) {
 auth = urlUsername + ':' + urlPassword;
 }
+ if (auth) {
+ delete headers.Authorization;
+ }
+
 var isHttps = parsed.protocol === 'https:';
 var agent = isHttps ? config.httpsAgent : config.httpAgent;
diff --git a/test/unit/adapters/http.js b/test/unit/adapters/http.js
index 4ef91b7..36d734d 100644
--- a/test/unit/adapters/http.js
+++ b/test/unit/adapters/http.js
@@ -168,7 +168,8 @@ module.exports = {
 res.end(req.headers.authorization);
 }).listen(4444, function () {
 var user = 'foo';
- axios.get('http://' + user + '@localhost:4444/').then(function (res) {
+ var headers = { Authorization: 'Bearer 1234' };
+ axios.get('http://' + user + '@localhost:4444/', { headers: headers }).then(function (res) {
 var base64 = new Buffer(user + ':', 'utf8').toString('base64');
 test.equal(res.data, 'Basic ' + base64);
 test.done();
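Review bot: In lib/adapters/http.js, `delete headers.Authorization` removes only the exact-case key, but HTTP header names are case-insensitive, so a caller-supplied `authorization` or `AUTHORIZATION` entry survives and can still decide which credential goes on the wire. Unless `headers` is normalised earlier in httpAdapter (not visible here; the function body continues outside the hunk), match the name case-insensitively: `Object.keys(headers).forEach(function (name) { if (name.toLowerCase() === 'authorization') { delete headers[name]; } });`. The updated test and the new testBasicAuthWithHeader in test/unit/adapters/http.js send only the canonical `Authorization` spelling, so a lower-case variant would be worth adding to pin this.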
@@ -176,6 +177,20 @@ module.exports = {
 });
 },
+ testBasicAuthWithHeader: function (test) {
+ server = http.createServer(function (req, res) {
+ res.end(req.headers.authorization);
+ }).listen(4444, function () {
+ var auth = { username: 'foo', password: 'bar' };
+ var headers = { Authorization: 'Bearer 1234' };
+ axios.get('http://localhost:4444/', { auth: auth, headers: headers }).then(function (res) {
+ var base64 = new Buffer('foo:bar', 'utf8').toString('base64');
+ test.equal(res.data, 'Basic ' + base64);
+ test.done();
+ });
+ });
+ },
+
 testMaxContentLength: function(test) {
 var str = Array(100000).join('ж');
From 85b90158907ba7fa21a02edb4bb26bfa08bafa61 Mon Sep 17 00:00:00 2001
From: Marco Pracucci
Date: Mon, 8 Aug 2016 14:31:11 +0200
Subject: [PATCH 2/4] Fixing xsrf header on missing xsrfCookieName
---
 lib/adapters/xhr.js | 2 +-
 test/specs/xsrf.spec.js | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/adapters/xhr.js b/lib/adapters/xhr.js
index 957eac5..c978b3f 100644
--- a/lib/adapters/xhr.js
+++ b/lib/adapters/xhr.js
@@ -103,7 +103,7 @@ module.exports = function xhrAdapter(config) {
 var cookies = require('./../helpers/cookies'); // Add xsrf header
- var xsrfValue = config.withCredentials || isURLSameOrigin(config.url) ?
+ var xsrfValue = (config.withCredentials || isURLSameOrigin(config.url)) && config.xsrfCookieName ?
 cookies.read(config.xsrfCookieName) : undefined;
diff --git a/test/specs/xsrf.spec.js b/test/specs/xsrf.spec.js
index 71fc35c..f057a16 100644
--- a/test/specs/xsrf.spec.js
+++ b/test/specs/xsrf.spec.js
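Review bot: In lib/adapters/xhr.js the rewritten condition still begins with `config.withCredentials ||`, so a request with `withCredentials` set reads the XSRF cookie even when `isURLSameOrigin(config.url)` is false and, presumably through the header assignment just below the hunk, hands the anti-CSRF token to another origin. If that is intended for trusted CORS back ends it deserves a comment on this line, e.g. `// withCredentials also sends the XSRF token cross-origin; enable it only for origins you trust`; otherwise gate on same-origin alone with `var xsrfValue = isURLSameOrigin(config.url) && config.xsrfCookieName ?`. The new guard is a truthiness test, so an empty `xsrfCookieName` disables the header as well as `null`, which is worth stating in the option's documentation.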
@@ -28,6 +28,19 @@ describe('xsrf', function () {
 });
 });
+ it('should not set xsrf header if xsrfCookieName is null', function (done) {
+ document.cookie = axios.defaults.xsrfCookieName + '=12345';
+
+ axios('/foo', {
+ xsrfCookieName: null
+ });
+
+ getAjaxRequest().then(function (request) {
+ expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual(undefined);
+ done();
+ });
+ });
+
 it('should not set xsrf header for cross origin', function (done) {
 document.cookie = axios.defaults.xsrfCookieName + '=12345';
From 1525e8771b9d2461cdbdd2e7181a11bb881e3cca Mon Sep 17 00:00:00 2001
From: Axel Bocciarelli
Date: Tue, 9 Aug 2016 13:24:24 +1000
Subject: [PATCH 3/4] Fixing doc on accessing response with then/catch Docs were suggesting that accessing the response with `catch` was the same as accessing it with `then`. Split the two cases and point to the Handling Errors section. Also mention the case where a rejection callback is specified as second parameter of `then`.
---
 README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 253a811..20d7e19 100644
--- a/README.md
+++ b/README.md
@@ -322,7 +322,7 @@ The response for a request contains the following information.
 }
 ```
-When using `then` or `catch`, you will receive the response as follows:
+When using `then`, you will receive the response as follows:
 ```js
 axios.get('/user/12345')
@@ -332,9 +332,11 @@ axios.get('/user/12345')
 console.log(response.statusText);
 console.log(response.headers);
 console.log(response.config);
-});
+ });
 ```
+When using `catch`, or passing a [rejection callback](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/then) as second parameter of `then`, the response will be available through the `error` object as explained in the [Handling Errors](#handling-errors) section.
+
 ## Config Defaults
 You can specify config defaults that will be applied to every request.
From e861a6cf756d25598c32ee8531a4d8c7e54fbb8d Mon Sep 17 00:00:00 2001
From: Marco Pracucci
Date: Thu, 11 Aug 2016 10:47:53 +0200
Subject: [PATCH 4/4] Added test to ensure that XHR adapter does not read cookies if xsrfCookieName is null
---
 test/specs/xsrf.spec.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/test/specs/xsrf.spec.js b/test/specs/xsrf.spec.js
index f057a16..56cc0d2 100644
--- a/test/specs/xsrf.spec.js
+++ b/test/specs/xsrf.spec.js
@@ -1,3 +1,5 @@
+var cookies = require('../../lib/helpers/cookies');
+
 describe('xsrf', function () {
 beforeEach(function () {
 jasmine.Ajax.install();
@@ -41,6 +43,19 @@ describe('xsrf', function () {
 });
 });
+ it('should not read cookies at all if xsrfCookieName is null', function (done) {
+ spyOn(cookies, "read");
+
+ axios('/foo', {
+ xsrfCookieName: null
+ });
+
+ getAjaxRequest().then(function (request) {
+ expect(cookies.read).not.toHaveBeenCalled();
+ done();
+ });
+ });
+
 it('should not set xsrf header for cross origin', function (done) {
 document.cookie = axios.defaults.xsrfCookieName + '=12345';
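Review bot: The new spec 'should not read cookies at all if xsrfCookieName is null' in test/specs/xsrf.spec.js asserts only `expect(cookies.read).not.toHaveBeenCalled()`, which would also pass if the adapter stopped going through this module's `read` altogether, so it can stay green without the guard doing anything. A positive control in the same file would anchor it: a request with the default `xsrfCookieName` followed by `expect(cookies.read).toHaveBeenCalled();`. As a style point, `spyOn(cookies, "read")` uses double quotes where the surrounding specs use single quotes.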