Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing xsrf header on missing xsrfCookieName #406

Merged
merged 2 commits into from Aug 13, 2016

Conversation

@pracucci
Copy link
Contributor

commented Aug 8, 2016

This change introduce a way to disable cookies reading and fix #395.

@coveralls

This comment has been minimized.

Copy link

commented Aug 8, 2016

Coverage Status

Coverage remained the same at 92.876% when pulling 85b9015 on pracucci:master into 8abe0d4 on mzabriskie:master.

@@ -28,6 +28,19 @@ describe('xsrf', function () {
});
});

it('should not set xsrf header if xsrfCookieName is null', function (done) {

This comment has been minimized.

Copy link
@rubennorte

rubennorte Aug 8, 2016

Member

Maybe you should include a test to check that document.cookie isn't read if xsrfCookieName is null, as it's the main motivation of this PR. We can only do that using ES5 getters and we haven't used them in any test (nor the production code). It will work in the test runners but we claim to support IE8+ for the production code, so I'm not entirely sure it's a good idea. What do you think @mzabriskie @nickuraltsev ?

This comment has been minimized.

Copy link
@nickuraltsev

nickuraltsev Aug 8, 2016

Member

I think we can make an assumption that the adapter doesn't access document.cookie directly, but rather uses the cookies helper. It's seems to be much easier to spy on a function than on a property with Jasmine.

This comment has been minimized.

Copy link
@rubennorte

rubennorte Aug 8, 2016

Member

I agree. @pracucci, can you add that test?

This comment has been minimized.

Copy link
@pracucci

pracucci Aug 11, 2016

Author Contributor

Done. What's about this?

@coveralls

This comment has been minimized.

Copy link

commented Aug 11, 2016

Coverage Status

Coverage remained the same at 92.876% when pulling e861a6c on pracucci:master into 8abe0d4 on mzabriskie:master.

@nickuraltsev nickuraltsev merged commit 6132d96 into axios:master Aug 13, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.