Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Default headers example AUTH_TOKEN comment #3539


Copy link

@aliclark aliclark commented Jan 11, 2021

If axios is used with multiple domains, the AUTH_TOKEN will be sent to all of them when using the example code:

axios.defaults.headers.common['Authorization'] = AUTH_TOKEN

This PR adds a comment above the example to that effect and points below for an example using Custom instance defaults instead.

The PR also adds an example setting User-Agent, which is another common case for setting axios.defaults.headers.common.

This is a continuation of #3471 which was previously closed.

aliclark added 3 commits Dec 12, 2020
The existing example usage it isn't safe in the general case as it can
lead to auth tokens being leaked to 3rd party endpoints by unexpectedly.

This change instead gives an example using
"axios.defaults.headers.common" to set the User-Agent, which is an
equally helpful use-case to document.

The 'Custom instance defaults' example just below the 'Global axios
defaults' example shows a method to set the 'Authorization' header
specific to a given API. I've also updated the variable in the 'Custom
instance defaults' code to use a semantically more relevant name within
that example.
@aliclark aliclark changed the title Default headers example without confidential text Default headers example AUTH_TOKEN comment Jan 11, 2021
Copy link

@jasonsaayman jasonsaayman left a comment

Looks good, I know I am being a bit uptight but if you can change that wording then it will be perfect 💯

Loading Outdated Show resolved Hide resolved
aliclark added 2 commits Jan 11, 2021
… into default-headers-example-without-confidential-text Outdated Show resolved Hide resolved
Copy link
Contributor Author

@aliclark aliclark commented Jan 12, 2021

Thanks both for the feedback!

I'm not able to merge as a collaborator so hope either of you can merge whenever is a good time.

Thanks again and apologies for the drama.


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants