mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-08 17:22:34 +03:00
Code Activity

fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)

Browse Source 
Co-authored-by: DigitalBrainJS <robotshara@gmail.com>
This commit is contained in:
Valentin Panov
2023-10-26 21:54:06 +02:00
committed by GitHub
parent 7d45ab2e2a
commit 96ee232bd3
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/adapters/xhr.js
+2 -2
View File
@@ -188,8 +188,8 @@ export default isXHRAdapterSupported && function (config) {
// Specifically not if we're in a web worker, or react-native.
if (platform.isStandardBrowserEnv) {
// Add xsrf header
const xsrfValue = (config.withCredentials || isURLSameOrigin(fullPath))
&& config.xsrfCookieName && cookies.read(config.xsrfCookieName);
// regarding CVE-2023-45857 config.withCredentials condition was removed temporarily
const xsrfValue = isURLSameOrigin(fullPath) && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
if (xsrfValue) {
requestHeaders.set(config.xsrfHeaderName, xsrfValue);