Closed ghenry closed 4 years ago
Do I have to set anything to send X-XSRF-TOKEN header if I set an XSRF-TOKEN cookie server side?
https://github.com/axios/axios/blob/master/lib/defaults.js#L74
https://github.com/axios/axios/blob/master/dist/axios.js#L1072
It reads like I don't, but I'm not seeing one go out.
I'll add that I have set withCredentials to true, so I do meet the first check in the OR:
    var xsrfValue = (config.withCredentials || isURLSameOrigin(config.url)) && config.xsrfCookieName ?
        cookies.read(config.xsrfCookieName) :
        undefined;
    if (xsrfValue) {
      requestHeaders[config.xsrfHeaderName] = xsrfValue;
    }
so if config.xsrfCookieName is a default.....
Update:
So, my OPTIONS preflight CORS is working, as is the POST now, but no X-XSRF-TOKEN being sent.
    methods: {
      onSubmit(e) {
        this.axios
          .post(
            e.target.action,
            { data: this.form },
            {
              withCredentials: true,
              xsrfCookieName: "XSRF-TOKEN",
              xsrfHeaderName: "X-XSRF-TOKEN"
            }
          )
          .then(res => {
            console.log(res)
          })
          .catch(err => {
            this.errors.push(err)
          })
      }
    }
Thanks.
Should I have to set these config items if they are already default?
Anyone have any ideas?
No one?
Did you end up resolving this?
Not yet. Will be back on this soon when we make https://www.surevoip.co.uk/mobile live.
If xsrfCookieName = 'session'
    var match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
@ghenry
I log match result (In lib/helpers/cookies Ln:35) and got the null.
The problem is... my session is httpOnly in cookie, document.cookie can't find it.
So this only works with https?
Still got this issue.
Hi @ghenry
For me, that solved it.
https://github.com/axios/axios/issues/876#issuecomment-309871930
Hope it can help!
Besides withCredentials, as @pascalboucher mentioned, you may check whether they are HttpOnly or Secure, and the scopes of the cookies. Read more in MDN about which kinds of cookies can be accessed by JavaScript. Closed due to not being an issue of axios.
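The cause this thread converges on, as an added example that is not part of the thread and is not axios's own code: the header is only set when page script can read the cookie, so an HttpOnly token cookie (or a Secure one on a non-https page) yields no X-XSRF-TOKEN. The helper names and the Set-Cookie lines are constructed for illustration, and the same-origin branch of the quoted condition is left out.

```javascript
// Added example: models which cookies page script can read, then applies the
// cookie lookup quoted in this thread. All helper names are hypothetical.

// Parse one Set-Cookie header value into name, value and attribute flags.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const flags = attrs.map(a => a.split('=')[0].toLowerCase());
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: flags.includes('httponly'),
    secure: flags.includes('secure'),
  };
}

// Build the string document.cookie would return: HttpOnly cookies are never
// exposed to script, and Secure cookies are only exposed on https pages.
function visibleCookieString(setCookieLines, pageIsHttps) {
  return setCookieLines
    .map(parseSetCookie)
    .filter(c => !c.httpOnly && (!c.secure || pageIsHttps))
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// Same regex as the lookup quoted in the thread, run on a supplied string.
function readCookie(cookieString, name) {
  const match = cookieString.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
  return match ? decodeURIComponent(match[3]) : null;
}

// Simplified from the quoted condition: no readable cookie means no header.
function xsrfHeaders(setCookieLines, config, pageIsHttps) {
  const headers = {};
  const value = config.withCredentials && config.xsrfCookieName
    ? readCookie(visibleCookieString(setCookieLines, pageIsHttps), config.xsrfCookieName)
    : undefined;
  if (value) headers[config.xsrfHeaderName] = value;
  return headers;
}

const config = { withCredentials: true, xsrfCookieName: 'XSRF-TOKEN', xsrfHeaderName: 'X-XSRF-TOKEN' };
// Constructed sample responses, not taken from the thread.
const readable = ['session=abc; Path=/; HttpOnly; Secure', 'XSRF-TOKEN=tok123; Path=/; Secure'];
const hidden = ['session=abc; Path=/; HttpOnly', 'XSRF-TOKEN=tok123; Path=/; HttpOnly'];
console.log([xsrfHeaders(readable, config, true), xsrfHeaders(hidden, config, true)]);
```

Domain and Path scoping, which also decide whether a cookie set by an API on another origin is visible to the page, are not modelled here.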
Summary
Can't trigger X-XSRF-TOKEN header to be sent with a POST: https://stackoverflow.com/questions/52863990/x-xsrf-token-header-with-axios
Context