Strona główna Odkrywaj Pomoc
Zaloguj się
lovecoding
/
W0407
10
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Gałąź: main
Gałęzie Tagi
W0407
/
Webpack
/
node_modules
/
axios
/
lib
/
helpers
/
resolveConfig.js

resolveConfig.js 3.4 KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 
  1. import platform from '../platform/index.js';
    2. 

  2. import utils from '../utils.js';
    3. 

  3. import isURLSameOrigin from './isURLSameOrigin.js';
    4. 

  4. import cookies from './cookies.js';
    5. 

  5. import buildFullPath from '../core/buildFullPath.js';
    6. 

  6. import mergeConfig from '../core/mergeConfig.js';
    7. 

  7. import AxiosHeaders from '../core/AxiosHeaders.js';
    8. 

  8. import buildURL from './buildURL.js';
    9. 

  9. 

  10. const FORM_DATA_CONTENT_HEADERS = ['content-type', 'content-length'];
    11. 

  11. 

  12. function setFormDataHeaders(headers, formHeaders, policy) {
    13. 

  13.   if (policy !== 'content-only') {
    14. 

  14.     headers.set(formHeaders);
    15. 

  15.     return;
    16. 

  16.   }
    17. 

  17. 

  18.   Object.entries(formHeaders).forEach(([key, val]) => {
    19. 

  19.     if (FORM_DATA_CONTENT_HEADERS.includes(key.toLowerCase())) {
    20. 

  20.       headers.set(key, val);
    21. 

  21.     }
    22. 

  22.   });
    23. 

  23. }
    24. 

  24. 

  25. /**
    26. 

  26.  * Encode a UTF-8 string to a Latin-1 byte string for use with btoa().
    27. 

  27.  * This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern.
    28. 

  28.  *
    29. 

  29.  * @param {string} str The string to encode
    30. 

  30.  *
    31. 

  31.  * @returns {string} UTF-8 bytes as a Latin-1 string
    32. 

  32.  */
    33. 

  33. const encodeUTF8 = (str) =>
    34. 

  34.   encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) =>
    35. 

  35.     String.fromCharCode(parseInt(hex, 16))
    36. 

  36.   );
    37. 

  37. 

  38. export default (config) => {
    39. 

  39.   const newConfig = mergeConfig({}, config);
    40. 

  40. 

  41.   // Read only own properties to prevent prototype pollution gadgets
    42. 

  42.   // (e.g. Object.prototype.baseURL = 'https://evil.com').
    43. 

  43.   const own = (key) => (utils.hasOwnProp(newConfig, key) ? newConfig[key] : undefined);
    44. 

  44. 

  45.   const data = own('data');
    46. 

  46.   let withXSRFToken = own('withXSRFToken');
    47. 

  47.   const xsrfHeaderName = own('xsrfHeaderName');
    48. 

  48.   const xsrfCookieName = own('xsrfCookieName');
    49. 

  49.   let headers = own('headers');
    50. 

  50.   const auth = own('auth');
    51. 

  51.   const baseURL = own('baseURL');
    52. 

  52.   const allowAbsoluteUrls = own('allowAbsoluteUrls');
    53. 

  53.   const url = own('url');
    54. 

  54. 

  55.   newConfig.headers = headers = AxiosHeaders.from(headers);
    56. 

  56. 

  57.   newConfig.url = buildURL(
    58. 

  58.     buildFullPath(baseURL, url, allowAbsoluteUrls),
    59. 

  59.     config.params,
    60. 

  60.     config.paramsSerializer
    61. 

  61.   );
    62. 

  62. 

  63.   // HTTP basic authentication
    64. 

  64.   if (auth) {
    65. 

  65.     headers.set(
    66. 

  66.       'Authorization',
    67. 

  67.       'Basic ' +
    68. 

  68.         btoa((auth.username || '') + ':' + (auth.password ? encodeUTF8(auth.password) : ''))
    69. 

  69.     );
    70. 

  70.   }
    71. 

  71. 

  72.   if (utils.isFormData(data)) {
    73. 

  73.     if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) {
    74. 

  74.       headers.setContentType(undefined); // browser handles it
    75. 

  75.     } else if (utils.isFunction(data.getHeaders)) {
    76. 

  76.       // Node.js FormData (like form-data package)
    77. 

  77.       setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
    78. 

  78.     }
    79. 

  79.   }
    80. 

  80. 

  81.   // Add xsrf header
    82. 

  82.   // This is only done if running in a standard browser environment.
    83. 

  83.   // Specifically not if we're in a web worker, or react-native.
    84. 

  84. 

  85.   if (platform.hasStandardBrowserEnv) {
    86. 

  86.     if (utils.isFunction(withXSRFToken)) {
    87. 

  87.       withXSRFToken = withXSRFToken(newConfig);
    88. 

  88.     }
    89. 

  89. 

  90.     // Strict boolean check — prevents proto-pollution gadgets (e.g. Object.prototype.withXSRFToken = 1)
    91. 

  91.     // and misconfigurations (e.g. "false") from short-circuiting the same-origin check and leaking
    92. 

  92.     // the XSRF token cross-origin.
    93. 

  93.     const shouldSendXSRF =
    94. 

  94.       withXSRFToken === true || (withXSRFToken == null && isURLSameOrigin(newConfig.url));
    95. 

  95. 

  96.     if (shouldSendXSRF) {
    97. 

  97.       const xsrfValue = xsrfHeaderName && xsrfCookieName && cookies.read(xsrfCookieName);
    98. 

  98. 

  99.       if (xsrfValue) {
    100. 

  100.         headers.set(xsrfHeaderName, xsrfValue);
    101. 

  101.       }
    102. 

  102.     }
    103. 

  103.   }
    104. 

  104. 

  105.   return newConfig;
    106. 

  106. };
    107.