mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-17 19:21:29 +03:00
Code Activity
Files
614f4552a17de757d4171ad7c3bd38c9c1025fd8
axios/PRE_RELEASE_DOCS.md
T

2.1 KiB
Raw Blame History

Pre-Release Documentation Notes

Purpose

Track documentation updates that should be applied during release preparation.

Do not treat this file as final documentation. Each entry should give enough context for a maintainer or LLM to update README, docs pages, examples, migration guides, and translated docs when the release is prepared.

Do not store raw diffs or line-number-only instructions here; prefer stable section names, target files, required concepts, examples, and release-specific notes.

Entry Format

  • Change: Short feature/fix name.
  • Source: PR, issue, or changelog reference.
  • Status: Pending | Applied | Skipped.
  • Docs targets: Files or docs sections likely needing updates.
  • Required content: What the docs must explain.
  • Examples: Any code snippets or examples that should be included.
  • Notes: Constraints, release-only wording, translation follow-up, etc.

Unreleased

sensitiveHeaders request config

  • Change: Document the Node.js sensitiveHeaders request config option for stripping custom secret headers from cross-origin redirects.
  • Source: PRE_RELEASE_CHANGELOG.md Security Fixes, #10892.
  • Status: Pending.
  • Docs targets: docs/pages/misc/security.md; docs/pages/advanced/request-config.md; README request config section if it lists all config options; translated docs after English docs are finalized.
  • Required content: Explain that sensitiveHeaders is an optional array of custom secret-bearing header names. Matching is case-insensitive. The Node.js HTTP adapter removes matching headers only when following a redirect to a different origin. Same-origin redirects keep these headers. If maxRedirects is 0, axios does not follow redirects and sensitiveHeaders is not used. Mention common custom authentication headers such as X-API-Key.
  • Examples: Include this request example.
axios.get('https://api.example.com/users', {
  headers: { 'X-API-Key': 'secret' },
  sensitiveHeaders: ['X-API-Key']
});
  • Notes: Add a security page row linking to the request-config section and add a sensitiveHeaders request-config entry marked Node.js only.
View Git Blame Copy Permalink