mirror of
https://github.com/tenrok/axios.git
synced 2026-06-17 19:21:29 +03:00
Jay
9d92bcd326
* chore: remove un-needed ghsa in the comments of files * fix: auth header * fix: escape regex chars in cookies.read * fix: read-side merge and descriptors * fix: enable redaction in the .toJson for errors * fix: general IPv4-mapped IPv6 normalization in NO_PROXY * fix: added regression tests for scenarios already covered * chore: remove un-needed comments * fix: harden proxy host detection and error redaction * fix: make form-data header change opt-in * fix: apply suggestions form github review * fix: cubic review * fix: widen the regexs for matches Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> * fix: smaller issue found by cubic * fix: address prototype chain * fix: update as per cubic --------- Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
61 lines
2.0 KiB
JavaScript
61 lines
2.0 KiB
JavaScript
import utils from '../utils.js';
|
|
import platform from '../platform/index.js';
|
|
|
|
export default platform.hasStandardBrowserEnv
|
|
? // Standard browser envs support document.cookie
|
|
{
|
|
write(name, value, expires, path, domain, secure, sameSite) {
|
|
if (typeof document === 'undefined') return;
|
|
|
|
const cookie = [`${name}=${encodeURIComponent(value)}`];
|
|
|
|
if (utils.isNumber(expires)) {
|
|
cookie.push(`expires=${new Date(expires).toUTCString()}`);
|
|
}
|
|
if (utils.isString(path)) {
|
|
cookie.push(`path=${path}`);
|
|
}
|
|
if (utils.isString(domain)) {
|
|
cookie.push(`domain=${domain}`);
|
|
}
|
|
if (secure === true) {
|
|
cookie.push('secure');
|
|
}
|
|
if (utils.isString(sameSite)) {
|
|
cookie.push(`SameSite=${sameSite}`);
|
|
}
|
|
|
|
document.cookie = cookie.join('; ');
|
|
},
|
|
|
|
read(name) {
|
|
if (typeof document === 'undefined') return null;
|
|
// Match name=value by splitting on the semicolon separator instead of building a
|
|
// RegExp from `name` — interpolating an unescaped string into a RegExp would let
|
|
// metacharacters (e.g. `.+?` in an attacker-influenced cookie name) cause ReDoS or
|
|
// match the wrong cookie. Browsers may serialize cookie pairs as either ";" or
|
|
// "; ", so ignore optional whitespace before each cookie name.
|
|
const cookies = document.cookie.split(';');
|
|
for (let i = 0; i < cookies.length; i++) {
|
|
const cookie = cookies[i].replace(/^\s+/, '');
|
|
const eq = cookie.indexOf('=');
|
|
if (eq !== -1 && cookie.slice(0, eq) === name) {
|
|
return decodeURIComponent(cookie.slice(eq + 1));
|
|
}
|
|
}
|
|
return null;
|
|
},
|
|
|
|
remove(name) {
|
|
this.write(name, '', Date.now() - 86400000, '/');
|
|
},
|
|
}
|
|
: // Non-standard browser env (web workers, react-native) lack needed support.
|
|
{
|
|
write() {},
|
|
read() {
|
|
return null;
|
|
},
|
|
remove() {},
|
|
};
|