Adding xsrf configuration option to allow for toggling of XSRF protection
#98
Conversation
|
Would help with #70, though without further testing I'm not sure it would fully resolve. |
|
I'm confused about this test failure...not sure it has anything to do with my code. Seems like a configuration issue. |
…ection. Default is *disabled*.
|
I had the same problem. I opened a PR which fixes your problem. Have a look at #100 😄 |
|
awesome. Thanks @DFournier! I'll wait to fix until #100 is merged and then I'll rebase. |
|
@skevy try rebasing. Also, let's call the flag |
|
@mzabriskie should be all set. Sorry for the delay on this :) |
|
@skevy I was just about to merge this, when I had a thought. Why do we need a config option? I think that axios should be smart enough to know when it is not in a browser environment, and gracefully skip the XSRF stuff itself. This would allow it to work in a web worker as well. Basically let's get rid of |
|
@mzabriskie while I think the idea is right, I'm not sure what the best way to detect that would be. At the moment, especially when running in debug mode, there's really no way to easily tell whether RN is a browser or not. There's an open proposal to add something to |
|
@skevy would it matter if react-native is running in the browser? In that case it will try adding the xsrf cookie as a header to the request. But if the cookie doesn't exist, no harm done. The real problem is avoiding a reference to |
|
I had @tylermcginnis do some testing for me. Here are the findings:
These are the only browser specific references that axios is using for xsrf protection. I believe that if we test around these conditions, we can make axios work in react-native. |
|
Let me know if you need any more help, glad to help. |
New default is disabled. Potentially breaking change for some, but enables axios to work on client-side JS platforms other than the browser (e.g. react-native).