From 85b90158907ba7fa21a02edb4bb26bfa08bafa61 Mon Sep 17 00:00:00 2001
From: Marco Pracucci
Date: Mon, 8 Aug 2016 14:31:11 +0200
Subject: [PATCH 1/2] Fixing xsrf header on missing xsrfCookieName
---
 lib/adapters/xhr.js | 2 +-
 test/specs/xsrf.spec.js | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/adapters/xhr.js b/lib/adapters/xhr.js
index 957eac5..c978b3f 100644
--- a/lib/adapters/xhr.js
+++ b/lib/adapters/xhr.js
@@ -103,7 +103,7 @@ module.exports = function xhrAdapter(config) {
 var cookies = require('./../helpers/cookies'); // Add xsrf header
- var xsrfValue = config.withCredentials || isURLSameOrigin(config.url) ?
+ var xsrfValue = (config.withCredentials || isURLSameOrigin(config.url)) && config.xsrfCookieName ?
 cookies.read(config.xsrfCookieName) : undefined;
diff --git a/test/specs/xsrf.spec.js b/test/specs/xsrf.spec.js
index 71fc35c..f057a16 100644
--- a/test/specs/xsrf.spec.js
+++ b/test/specs/xsrf.spec.js
@@ -28,6 +28,19 @@ describe('xsrf', function () {
 });
 });
+ it('should not set xsrf header if xsrfCookieName is null', function (done) {
+ document.cookie = axios.defaults.xsrfCookieName + '=12345';
+
+ axios('/foo', {
+ xsrfCookieName: null
+ });
+
+ getAjaxRequest().then(function (request) {
+ expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual(undefined);
+ done();
+ });
+ });
+
 it('should not set xsrf header for cross origin', function (done) {
 document.cookie = axios.defaults.xsrfCookieName + '=12345';
From e861a6cf756d25598c32ee8531a4d8c7e54fbb8d Mon Sep 17 00:00:00 2001
From: Marco Pracucci
Date: Thu, 11 Aug 2016 10:47:53 +0200
Subject: [PATCH 2/2] Added test to ensure that XHR adapter does not read cookies if xsrfCookieName is null
---
 test/specs/xsrf.spec.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/test/specs/xsrf.spec.js b/test/specs/xsrf.spec.js
index f057a16..56cc0d2 100644
--- a/test/specs/xsrf.spec.js
+++ b/test/specs/xsrf.spec.js
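Review bot: In the `@@ -103,7 +103,7 @@` hunk of lib/adapters/xhr.js (patch 1/2), the rewritten condition still reads the XSRF cookie when `config.withCredentials` is set and `isURLSameOrigin(config.url)` is false, so a credentialed cross-origin request can carry the anti-CSRF token to a different origin. The added `config.xsrfCookieName` guard covers only the missing-name case. Unless cross-origin delivery is intended, the token should be read for same-origin URLs only, e.g. `var xsrfValue = isURLSameOrigin(config.url) && config.xsrfCookieName ?`; if it is intended, a comment naming the trust assumption belongs next to the condition. The code that copies `xsrfValue` into the request header lies outside the hunk, so the header behaviour is inferred from the `// Add xsrf header` comment.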
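Review bot: The spec 'should not set xsrf header if xsrfCookieName is null' added in the `@@ -28,6 +28,19 @@` hunk of test/specs/xsrf.spec.js (patch 1/2) exercises only the same-origin side of the new guard, because `/foo` is a relative URL. The `config.withCredentials` side of `(config.withCredentials || isURLSameOrigin(config.url)) && config.xsrfCookieName` is left unpinned; a second case that passes `withCredentials: true` together with `xsrfCookieName: null` on a cross-origin URL would cover it. The guard is a truthiness test, so `''` and `undefined` take the same path as `null`, which a short comment above the spec could state.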
@@ -1,3 +1,5 @@
+var cookies = require('../../lib/helpers/cookies');
+
 describe('xsrf', function () {
 beforeEach(function () {
 jasmine.Ajax.install();
@@ -41,6 +43,19 @@ describe('xsrf', function () {
 });
 });
+ it('should not read cookies at all if xsrfCookieName is null', function (done) {
+ spyOn(cookies, "read");
+
+ axios('/foo', {
+ xsrfCookieName: null
+ });
+
+ getAjaxRequest().then(function (request) {
+ expect(cookies.read).not.toHaveBeenCalled();
+ done();
+ });
+ });
+
 it('should not set xsrf header for cross origin', function (done) {
 document.cookie = axios.defaults.xsrfCookieName + '=12345';
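Review bot: In the `@@ -41,6 +43,19 @@` hunk, `spyOn(cookies, "read");` uses double quotes while every other string in the visible spec lines uses single quotes; `spyOn(cookies, 'read');` keeps the file consistent. The `request` parameter of the `getAjaxRequest().then(...)` callback is unused in this spec and can be dropped. The assertion depends on the spec and the adapter sharing one `cookies` module object, with the adapter looking up `read` at call time (as the xhr.js context in patch 1/2 suggests), so a one-line comment such as `// spy works because xhr.js calls cookies.read on the shared module object` would make that dependency explicit.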