axios / axios

Promise based HTTP client for the browser and node.js
https://axios-http.com
MIT License
105.92k stars 10.97k forks source link

No x-xsrf-token in header in 1.7.* #6612

Open DimulyaMonster opened 2 months ago

DimulyaMonster commented 2 months ago

Describe the bug

In axios 1.6.7 i get token from breeze auth laravel 11. console.log('token '+r.config.headers["X-XSRF-TOKEN"]) localStorage.setItem( "x-xsrf-token", r.config.headers["X-XSRF-TOKEN"] ); But in axios 1.7.7 it is undefined.

Same code - withCredentials withXSRFToken are true, but cannot get token after login. It is missing in headers, config or whatever. Definitely i can get it from cookie file, but in axios 1.6.7 it was working this way.

Seems withXSRFToken logic changed and i do not receive token in headers.

p.s. i use vue3 with laravel api on subdomain - all corses are correct cause 1.6.7 works - 1.7.7 not

To Reproduce

No response

Code snippet

No response

Expected behavior

No response

Axios Version

1.7.7

Adapter Version

No response

Browser

No response

Browser Version

No response

Node.js Version

No response

OS

No response

Additional Library Versions

No response

Additional context/Screenshots

No response

beingPro007 commented 2 months ago

Can you please assign to me

mudassir-jmi commented 2 months ago

i think behavior of Axios regarding XSRF tokens has changed between versions 1.6.7 and 1.7.7.

DimulyaMonster commented 2 months ago

i think behavior of Axios regarding XSRF tokens has changed between versions 1.6.7 and 1.7.7.

Yeap. Its obvious. But how can i get this token now... No clue, tried almost everything. Only from cookies. Maybe i do not need it at all, but have to rewrite some logic due axios update

jasonsaayman commented 2 months ago

Check put the docs over here, hope it helps with the headers issue:

https://github.com/axios/axios?tab=readme-ov-file#-axiosheaders

mudassir-jmi commented 2 months ago

i think behavior of Axios regarding XSRF tokens has changed between versions 1.6.7 and 1.7.7.

Yeap. Its obvious. But how can i get this token now... No clue, tried almost everything. Only from cookies. Maybe i do not need it at all, but have to rewrite some logic due axios update

i think we can manually extract the token from the cookies and set it in the Axios headers

baraich commented 2 months ago

Check put the docs over here, hope it helps with the headers issue: https://github.com/axios/axios?tab=readme-ov-file#-axiosheaders

As per docs referred, direct access to headers is decrypted, therefor r.config.headers["X-XSRF-TOKEN"] won't work. You will have to iterate over the headers to obtain the key you are looking for.

Note, maybe you would be able access the header using the get method on AxiosHeaders using request.headers.get("X-XSRF-TOKEN")

DimulyaMonster commented 2 months ago

Check put the docs over here, hope it helps with the headers issue: https://github.com/axios/axios?tab=readme-ov-file#-axiosheaders

As per docs referred, direct access to headers is decrypted, therefor r.config.headers["X-XSRF-TOKEN"] won't work. You will have to iterate over the headers to obtain the key you are looking for.

Note, maybe you would be able access the header using the get method on AxiosHeaders using request.headers.get("X-XSRF-TOKEN")

The only problem there is no x-xsrf-token at all in response... nowhere. I see it in chrome dev tools. In headers section, but nowhere in console.log(response)