mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-11 18:02:32 +03:00
Code Activity

Abandoning URL embedded identities for Basic auth

Browse Source 
Use an `Authorization` header instead, which is a safer choice than URL embedded identities (aka `http://user:pass@example.com`). [Chrome 19 dropped support][chromium128323] for URL embedded identities in XMLHttpRequest for security reasons.

Added documentation note about how this will overwrite any existing `Authorization` header that the user may have set.

[chromium128323]: https://code.google.com/p/chromium/issues/detail?id=128323
This commit is contained in:
Idan Gazit
2015-12-09 13:21:07 +02:00
parent e270c70d4d
commit 95df032fbd
2 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/adapters/xhr.js
+6 -6
View File
@@ -40,15 +40,15 @@ module.exports = function xhrAdapter(resolve, reject, config) {
}
// HTTP basic authentication
var configAuth = config.auth || {};
var auth = {
username: configAuth.username || configAuth.user || '',
password: configAuth.password || configAuth.pass || ''
};
if (config.auth) {
var username = config.auth.user || config.auth.username || '';
var password = config.auth.pass || config.auth.password || '';
requestHeaders['Authorization'] = 'Basic: ' + window.btoa(username + ':' + password);
}
// Create the request
var request = new adapter('Microsoft.XMLHTTP');
request.open(config.method.toUpperCase(), buildURL(config.url, config.params, config.paramsSerializer), true, auth.username, auth.password);
request.open(config.method.toUpperCase(), buildURL(config.url, config.params, config.paramsSerializer), true);
// Set the request timeout in MS
request.timeout = config.timeout;