No x-xsrf-token in header in 1.7.*

Question

No x-xsrf-token in header in 1.7.*

DimulyaMonster opened this issue 3 months ago · comments

Describe the bug

In axios 1.6.7 i get token from breeze auth laravel 11.
console.log('token '+r.config.headers["X-XSRF-TOKEN"]) localStorage.setItem( "x-xsrf-token", r.config.headers["X-XSRF-TOKEN"] );
But in axios 1.7.7 it is undefined.

Same code - withCredentials withXSRFToken are true, but cannot get token after login. It is missing in headers, config or whatever.
Definitely i can get it from cookie file, but in axios 1.6.7 it was working this way.

Seems withXSRFToken logic changed and i do not receive token in headers.

p.s. i use vue3 with laravel api on subdomain - all corses are correct cause 1.6.7 works - 1.7.7 not

To Reproduce

No response

Code snippet

No response

Expected behavior

No response

Axios Version

1.7.7

Adapter Version

No response

Browser

No response

Browser Version

No response

Node.js Version

No response

OS

No response

Additional Library Versions

No response

Additional context/Screenshots

No response

Gautam Rana · Answer 1 · Fri Sep 27 2024 12:27:03 GMT+0800 (China Standard Time)

Can you please assign to me

Md Mudassir Akhter · Answer 2 · Fri Sep 27 2024 13:50:45 GMT+0800 (China Standard Time)

i think behavior of Axios regarding XSRF tokens has changed between versions 1.6.7 and 1.7.7.

DimulyaMonster · Answer 3 · Fri Sep 27 2024 15:33:15 GMT+0800 (China Standard Time)

i think behavior of Axios regarding XSRF tokens has changed between versions 1.6.7 and 1.7.7.

Yeap. Its obvious. But how can i get this token now... No clue, tried almost everything.
Only from cookies. Maybe i do not need it at all, but have to rewrite some logic due axios update

Jay · Answer 4 · Fri Sep 27 2024 15:44:51 GMT+0800 (China Standard Time)

Check put the docs over here, hope it helps with the headers issue:

https://github.com/axios/axios?tab=readme-ov-file#-axiosheaders

Md Mudassir Akhter · Answer 5 · Fri Sep 27 2024 16:01:39 GMT+0800 (China Standard Time)

i think behavior of Axios regarding XSRF tokens has changed between versions 1.6.7 and 1.7.7.

Yeap. Its obvious. But how can i get this token now... No clue, tried almost everything. Only from cookies. Maybe i do not need it at all, but have to rewrite some logic due axios update

i think we can manually extract the token from the cookies and set it in the Axios headers

Gurvir Singh · Answer 6 · Tue Oct 01 2024 11:50:23 GMT+0800 (China Standard Time)

Check put the docs over here, hope it helps with the headers issue:
https://github.com/axios/axios?tab=readme-ov-file#-axiosheaders

As per docs referred, direct access to headers is decrypted, therefor r.config.headers["X-XSRF-TOKEN"] won't work.
You will have to iterate over the headers to obtain the key you are looking for.

Note, maybe you would be able access the header using the get method on AxiosHeaders using request.headers.get("X-XSRF-TOKEN")

DimulyaMonster · Answer 7 · Wed Oct 02 2024 16:05:23 GMT+0800 (China Standard Time)

Check put the docs over here, hope it helps with the headers issue:
https://github.com/axios/axios?tab=readme-ov-file#-axiosheaders

As per docs referred, direct access to headers is decrypted, therefor r.config.headers["X-XSRF-TOKEN"] won't work. You will have to iterate over the headers to obtain the key you are looking for.

Note, maybe you would be able access the header using the get method on AxiosHeaders using request.headers.get("X-XSRF-TOKEN")

The only problem there is no x-xsrf-token at all in response... nowhere.
I see it in chrome dev tools. In headers section, but nowhere in console.log(response)