axios icon indicating copy to clipboard operation
axios copied to clipboard
verified publisher icon axios

No x-xsrf-token in header in 1.7.*

Open DimulyaMonster opened this issue 1 year ago • 7 comments

Describe the bug

In axios 1.6.7 i get token from breeze auth laravel 11. console.log('token '+r.config.headers["X-XSRF-TOKEN"]) localStorage.setItem( "x-xsrf-token", r.config.headers["X-XSRF-TOKEN"] ); But in axios 1.7.7 it is undefined.

Same code - withCredentials withXSRFToken are true, but cannot get token after login. It is missing in headers, config or whatever. Definitely i can get it from cookie file, but in axios 1.6.7 it was working this way.

Seems withXSRFToken logic changed and i do not receive token in headers.

p.s. i use vue3 with laravel api on subdomain - all corses are correct cause 1.6.7 works - 1.7.7 not

To Reproduce

No response

Code snippet

No response

Expected behavior

No response

Axios Version

1.7.7

Adapter Version

No response

Browser

No response

Browser Version

No response

Node.js Version

No response

OS

No response

Additional Library Versions

No response

Additional context/Screenshots

No response

DimulyaMonster avatar Sep 26 '24 02:09 DimulyaMonster

Can you please assign to me

beingPro007 avatar Sep 27 '24 04:09 beingPro007

i think behavior of Axios regarding XSRF tokens has changed between versions 1.6.7 and 1.7.7.

mudassir-jmi avatar Sep 27 '24 05:09 mudassir-jmi

i think behavior of Axios regarding XSRF tokens has changed between versions 1.6.7 and 1.7.7.

Yeap. Its obvious. But how can i get this token now... No clue, tried almost everything. Only from cookies. Maybe i do not need it at all, but have to rewrite some logic due axios update

DimulyaMonster avatar Sep 27 '24 07:09 DimulyaMonster

Check put the docs over here, hope it helps with the headers issue:

https://github.com/axios/axios?tab=readme-ov-file#-axiosheaders

jasonsaayman avatar Sep 27 '24 07:09 jasonsaayman

i think behavior of Axios regarding XSRF tokens has changed between versions 1.6.7 and 1.7.7.

Yeap. Its obvious. But how can i get this token now... No clue, tried almost everything. Only from cookies. Maybe i do not need it at all, but have to rewrite some logic due axios update

i think we can manually extract the token from the cookies and set it in the Axios headers

mudassir-jmi avatar Sep 27 '24 08:09 mudassir-jmi

Check put the docs over here, hope it helps with the headers issue: https://github.com/axios/axios?tab=readme-ov-file#-axiosheaders

As per docs referred, direct access to headers is decrypted, therefor r.config.headers["X-XSRF-TOKEN"] won't work. You will have to iterate over the headers to obtain the key you are looking for.

Note, maybe you would be able access the header using the get method on AxiosHeaders using request.headers.get("X-XSRF-TOKEN")

baraich avatar Oct 01 '24 03:10 baraich

Check put the docs over here, hope it helps with the headers issue: https://github.com/axios/axios?tab=readme-ov-file#-axiosheaders

As per docs referred, direct access to headers is decrypted, therefor r.config.headers["X-XSRF-TOKEN"] won't work. You will have to iterate over the headers to obtain the key you are looking for.

Note, maybe you would be able access the header using the get method on AxiosHeaders using request.headers.get("X-XSRF-TOKEN")

The only problem there is no x-xsrf-token at all in response... nowhere. I see it in chrome dev tools. In headers section, but nowhere in console.log(response)

DimulyaMonster avatar Oct 02 '24 08:10 DimulyaMonster