
Abandoning URL embedded identities for Basic auth

Use an `Authorization` header instead, which is a safer choice than URL embedded identities (aka `http://user:pass@example.com`). [Chrome 19 dropped support][chromium128323] for URL embedded identities in XMLHttpRequest for security reasons.

Added documentation note about how this will overwrite any existing `Authorization` header that the user may have set.

[chromium128323]: https://code.google.com/p/chromium/issues/detail?id=128323
Idan Gazit
2015-12-09 13:21:07 +02:00
parent e270c70d4d
commit 95df032fbd
2 changed files with 12 additions and 10 deletions
+6 -4
@@ -51,7 +51,7 @@ axios.get('/user?ID=12345')
.catch(function (response) {
console.log(response);
});
// Optionally the request above could also be done as
axios.get('/user', {
params: {
@@ -174,7 +174,7 @@ These are the available config options for making requests. Only the `url` is re
// The last function in the array must return a string or an ArrayBuffer
transformRequest: [function (data) {
// Do whatever you want to transform the data
return data;
}],
@@ -182,7 +182,7 @@ These are the available config options for making requests. Only the `url` is re
// it is passed to then/catch
transformResponse: [function (data) {
// Do whatever you want to transform the data
return data;
}],
@@ -216,6 +216,8 @@ These are the available config options for making requests. Only the `url` is re
withCredentials: false, // default
// `auth` indicates that HTTP Basic auth should be used, and supplies credentials.
// This will set an `Authorization` header, overwriting any existing
// `Authorization` custom headers you have set using `headers`.
// The username can be supplied as `user` or `username`
// The password can be supplied as `pass` or `password`
auth: {
@@ -246,7 +248,7 @@ The response for a request contains the following information.
// `status` is the HTTP status code from the server response
status: 200,
// `statusText` is the HTTP status message from the server response
statusText: 'OK',
+6 -6
@@ -40,15 +40,15 @@ module.exports = function xhrAdapter(resolve, reject, config) {
}
// HTTP basic authentication
var configAuth = config.auth || {};
var auth = {
username: configAuth.username || configAuth.user || '',
password: configAuth.password || configAuth.pass || ''
};
if (config.auth) {
var username = config.auth.user || config.auth.username || '';
var password = config.auth.pass || config.auth.password || '';
requestHeaders['Authorization'] = 'Basic: ' + window.btoa(username + ':' + password);
}
// Create the request
var request = new adapter('Microsoft.XMLHTTP');
request.open(config.method.toUpperCase(), buildURL(config.url, config.params, config.paramsSerializer), true, auth.username, auth.password);
request.open(config.method.toUpperCase(), buildURL(config.url, config.params, config.paramsSerializer), true);
// Set the request timeout in MS
request.timeout = config.timeout;
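Review bot: The new header assignment builds its value as `'Basic: ' + window.btoa(...)`, but the Basic scheme (RFC 7617) is the scheme name followed by a single space with no colon, so servers will most likely not recognise these credentials; the line should read `requestHeaders['Authorization'] = 'Basic ' + window.btoa(username + ':' + password);`. `window.btoa` also throws on characters outside Latin-1, so a non-ASCII username or password would presumably surface as an exception from the adapter unless it is encoded or caught here. The new lookup prefers `user`/`pass` over `username`/`password`, the reverse of the removed code, which changes the result only when both keys are set. Base64 is an encoding rather than protection, so the header is as exposed over plain HTTP as the URL form was, and the README note could say so. xhrAdapter's body starts and ends outside the hunk.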