rails / request.js

MIT License

Using request JS for external APIs : ability to disable csrf token #45

Closed adrienpoly closed 2 years ago

adrienpoly commented 2 years ago

I wanted to use RequestJs for all my API calls including external calls (replace Axios and remove Fetch polyfills).

But RequestJs adds the CSRF token headers to all requests, and some API services will throw an error if this is included in the header.

Is this out of the scope of that library, or could we imagine passing a param csrfToken: false to disable it?

excid3 commented 2 years ago

That's a great idea @adrienpoly. It would be very convenient to use Request.js for everything and be able to disable that when making external requests.

Maybe it could also have a check to see if location.host matches the request host so it could be automatically handled?

adrienpoly commented 2 years ago

> Maybe it could also have a check to see if location.host matches the request host so it could be automatically handled?

🎉 🤯 that would be even better @excid3 !!!!!

Also, currently all GET requests have that CSRF token. Do you see any need for that in the Rails world?

marcelolx commented 2 years ago

> Also, currently all GET requests have that CSRF token. Do you see any need for that in the Rails world?

@adrienpoly yes, it is needed for authentication (if your app requires the user to be authenticated for that given GET request, of course)
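
The host check and the `csrfToken: false` opt-out discussed in this thread, sketched as an added example that is not Request.js code and not written by any participant. It goes one step beyond comparing `location.host` by comparing the full origin (scheme, host and port), so the token is also withheld from a plain-HTTP URL on the same host. The function names, `PAGE`, `TOKEN` and the sample URLs are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not part of Request.js.
// In a browser, pageUrl would be window.location.href and csrfToken the
// value Rails renders into <meta name="csrf-token">.

function isSameOrigin(requestUrl, pageUrl) {
  let target;
  try {
    // Relative URLs ("/posts", "posts/1") resolve against the page URL.
    target = new URL(requestUrl, pageUrl);
  } catch (_err) {
    return false; // unparseable URL: fail closed and send no token
  }
  // origin = scheme + host + port, stricter than comparing host alone.
  return target.origin === new URL(pageUrl).origin;
}

function buildHeaders(requestUrl, pageUrl, csrfToken, options = {}) {
  const headers = { Accept: "application/json" };
  // Explicit opt-out, modelled on the `csrfToken: false` param proposed above.
  const optedOut = options.csrfToken === false;
  if (!optedOut && csrfToken && isSameOrigin(requestUrl, pageUrl)) {
    headers["X-CSRF-Token"] = csrfToken;
  }
  return headers;
}

// Constructed sample values.
const PAGE = "https://app.example.test/dashboard";
const TOKEN = "constructed-token-value";
const samples = [
  "/posts/1",                             // relative, same origin
  "https://app.example.test/api/items",   // absolute, same origin
  "//cdn.example.test/x.json",            // protocol-relative, other host
  "https://app.example.test:8443/api",    // same host name, other port
  "http://app.example.test/api",          // same host, other scheme
  "https://api.thirdparty.test/v1/data",  // external API
];
for (const url of samples) {
  const sent = "X-CSRF-Token" in buildHeaders(url, PAGE, TOKEN);
  console.log(`${sent ? "token   " : "no token"}  ${url}`);
}
```

Only the first two sample URLs receive the header; every other origin gets a request without the token, so it is never disclosed to a third-party service.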