From 3933e169fc230b8170a4aa89ed9e2fbc2febeffa Mon Sep 17 00:00:00 2001 From: Ali Clark Date: Thu, 10 Dec 2020 18:07:45 +0000 Subject: [PATCH 1/5] Updating the 'Global axios defaults' README to use a safer example The existing example usage it isn't safe in the general case as it can lead to auth tokens being leaked to 3rd party endpoints by unexpectedly. This change instead gives an example using "axios.defaults.headers.common" to set the User-Agent, which is an equally helpful use-case to document. The 'Custom instance defaults' example just below the 'Global axios defaults' example shows a method to set the 'Authorization' header specific to a given API. I've also updated the variable in the 'Custom instance defaults' code to use a semantically more relevant name within that example. --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 44264f6c13..03c314f897 100755 --- a/README.md +++ b/README.md @@ -510,7 +510,7 @@ You can specify config defaults that will be applied to every request. ```js axios.defaults.baseURL = 'https://api.example.com'; -axios.defaults.headers.common['Authorization'] = AUTH_TOKEN; +axios.defaults.headers.common['User-Agent'] = /* eg. 'AppName/1.0.0' */; axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded'; ``` @@ -518,12 +518,12 @@ axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded ```js // Set config defaults when creating the instance -const instance = axios.create({ +const api = axios.create({ baseURL: 'https://api.example.com' }); -// Alter defaults after instance has been created -instance.defaults.headers.common['Authorization'] = AUTH_TOKEN; +// Alter defaults after api instance has been created +api.defaults.headers.common['Authorization'] = AUTH_TOKEN; ``` ### Config order of precedence From d65ec471ead59f28d069563246f164c0fd3949ad Mon Sep 17 00:00:00 2001 From: Ali Clark Date: Mon, 11 Jan 2021 09:11:31 +0000 Subject: [PATCH 2/5] Revert the example instance name in response to PR request --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 03c314f897..9a0ce871d3 100755 --- a/README.md +++ b/README.md @@ -518,12 +518,12 @@ axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded ```js // Set config defaults when creating the instance -const api = axios.create({ +const instance = axios.create({ baseURL: 'https://api.example.com' }); -// Alter defaults after api instance has been created -api.defaults.headers.common['Authorization'] = AUTH_TOKEN; +// Alter defaults after instance has been created +instance.defaults.headers.common['Authorization'] = AUTH_TOKEN; ``` ### Config order of precedence From 1869636888be96d9227a9d97ffb89165c4c05317 Mon Sep 17 00:00:00 2001 From: Ali Clark Date: Mon, 11 Jan 2021 09:13:47 +0000 Subject: [PATCH 3/5] Reintroduce the Authorization example with a disclaimer about its usage --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 9a0ce871d3..aa7a50c166 100755 --- a/README.md +++ b/README.md @@ -511,6 +511,11 @@ You can specify config defaults that will be applied to every request. ```js axios.defaults.baseURL = 'https://api.example.com'; axios.defaults.headers.common['User-Agent'] = /* eg. 'AppName/1.0.0' */; + +// nb: If axios is used with multiple domains, the AUTH_TOKEN will be sent to all of them. +// See below for an example using Custom instance defaults instead. +axios.defaults.headers.common['Authorization'] = AUTH_TOKEN; + axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded'; ``` From 1f1b0bca1a83cf1a8569d46c22ebfefa97e6e406 Mon Sep 17 00:00:00 2001 From: Ali Clark Date: Mon, 11 Jan 2021 12:57:04 +0000 Subject: [PATCH 4/5] Update wording nb -> important on usage comment --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index aa7a50c166..66f5952d06 100755 --- a/README.md +++ b/README.md @@ -512,7 +512,7 @@ You can specify config defaults that will be applied to every request. axios.defaults.baseURL = 'https://api.example.com'; axios.defaults.headers.common['User-Agent'] = /* eg. 'AppName/1.0.0' */; -// nb: If axios is used with multiple domains, the AUTH_TOKEN will be sent to all of them. +// Important: If axios is used with multiple domains, the AUTH_TOKEN will be sent to all of them. // See below for an example using Custom instance defaults instead. axios.defaults.headers.common['Authorization'] = AUTH_TOKEN; From 453f4d3d00a9a4e2b604a15856bbd9a35e37636d Mon Sep 17 00:00:00 2001 From: Ali Clark Date: Tue, 12 Jan 2021 10:53:34 +0000 Subject: [PATCH 5/5] Remove User-Agent example due to issues with this on Chrome and Safari See https://github.com/axios/axios/issues/1231 Credit @chinesedfan for pointing this out --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 66f5952d06..7ec0dd0836 100755 --- a/README.md +++ b/README.md @@ -510,7 +510,6 @@ You can specify config defaults that will be applied to every request. ```js axios.defaults.baseURL = 'https://api.example.com'; -axios.defaults.headers.common['User-Agent'] = /* eg. 'AppName/1.0.0' */; // Important: If axios is used with multiple domains, the AUTH_TOKEN will be sent to all of them. // See below for an example using Custom instance defaults instead.