Adding xsrf protection

lib/axios.js

@@ -1,8 +1,10 @@
 var Promise = require('es6-promise').Promise;
 var buildUrl = require('./buildUrl');
+var cookies = require('./cookies');
 var defaults = require('./defaults');
 var parseHeaders = require('./parseHeaders');
 var transformData = require('./transformData');
+var urlIsSameOrigin = require('./urlIsSameOrigin');
 var utils = require('./utils');
 
 var axios = module.exports = function axios(options) {
@@ -62,9 +64,17 @@ var axios = module.exports = function axios(options) {
       options.headers || {}
     );
 
+    // Add xsrf header
+    var xsrfValue = urlIsSameOrigin(options.url)
+        ? cookies.read(options.xsrfCookieName || defaults.xsrfCookieName)
+        : undefined;
+    if (xsrfValue) {
+      headers[options.xsrfHeaderName || defaults.xsrfHeaderName] = xsrfValue;
+    }
+
     utils.forEach(headers, function (val, key) {
       // Remove Content-Type if data is undefined
-      if (typeof data === 'undefined' && key.toLowerCase() === 'content-type') {
+      if (!data && key.toLowerCase() === 'content-type') {
         delete headers[key];
       }
       // Otherwise add header to the request