Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
Valavuo
/
inventory
2
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: 7fb1822fb9
Branch-ok Tag-ek
inventory
/
frontend
/
node_modules
/
axios
/
lib
/
helpers
/
resolveConfig.js

resolveConfig.js 3.0 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. import platform from '../platform/index.js';
    2. 

  2. import utils from '../utils.js';
    3. 

  3. import isURLSameOrigin from './isURLSameOrigin.js';
    4. 

  4. import cookies from './cookies.js';
    5. 

  5. import buildFullPath from '../core/buildFullPath.js';
    6. 

  6. import mergeConfig from '../core/mergeConfig.js';
    7. 

  7. import AxiosHeaders from '../core/AxiosHeaders.js';
    8. 

  8. import buildURL from './buildURL.js';
    9. 

  9. 

  10. export default (config) => {
    11. 

  11.   const newConfig = mergeConfig({}, config);
    12. 

  12. 

  13.   // Read only own properties to prevent prototype pollution gadgets
    14. 

  14.   // (e.g. Object.prototype.baseURL = 'https://evil.com'). See GHSA-q8qp-cvcw-x6jj.
    15. 

  15.   const own = (key) => (utils.hasOwnProp(newConfig, key) ? newConfig[key] : undefined);
    16. 

  16. 

  17.   const data = own('data');
    18. 

  18.   let withXSRFToken = own('withXSRFToken');
    19. 

  19.   const xsrfHeaderName = own('xsrfHeaderName');
    20. 

  20.   const xsrfCookieName = own('xsrfCookieName');
    21. 

  21.   let headers = own('headers');
    22. 

  22.   const auth = own('auth');
    23. 

  23.   const baseURL = own('baseURL');
    24. 

  24.   const allowAbsoluteUrls = own('allowAbsoluteUrls');
    25. 

  25.   const url = own('url');
    26. 

  26. 

  27.   newConfig.headers = headers = AxiosHeaders.from(headers);
    28. 

  28. 

  29.   newConfig.url = buildURL(
    30. 

  30.     buildFullPath(baseURL, url, allowAbsoluteUrls),
    31. 

  31.     config.params,
    32. 

  32.     config.paramsSerializer
    33. 

  33.   );
    34. 

  34. 

  35.   // HTTP basic authentication
    36. 

  36.   if (auth) {
    37. 

  37.     headers.set(
    38. 

  38.       'Authorization',
    39. 

  39.       'Basic ' +
    40. 

  40.         btoa(
    41. 

  41.           (auth.username || '') +
    42. 

  42.             ':' +
    43. 

  43.             (auth.password ? unescape(encodeURIComponent(auth.password)) : '')
    44. 

  44.         )
    45. 

  45.     );
    46. 

  46.   }
    47. 

  47. 

  48.   if (utils.isFormData(data)) {
    49. 

  49.     if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) {
    50. 

  50.       headers.setContentType(undefined); // browser handles it
    51. 

  51.     } else if (utils.isFunction(data.getHeaders)) {
    52. 

  52.       // Node.js FormData (like form-data package)
    53. 

  53.       const formHeaders = data.getHeaders();
    54. 

  54.       // Only set safe headers to avoid overwriting security headers
    55. 

  55.       const allowedHeaders = ['content-type', 'content-length'];
    56. 

  56.       Object.entries(formHeaders).forEach(([key, val]) => {
    57. 

  57.         if (allowedHeaders.includes(key.toLowerCase())) {
    58. 

  58.           headers.set(key, val);
    59. 

  59.         }
    60. 

  60.       });
    61. 

  61.     }
    62. 

  62.   }
    63. 

  63. 

  64.   // Add xsrf header
    65. 

  65.   // This is only done if running in a standard browser environment.
    66. 

  66.   // Specifically not if we're in a web worker, or react-native.
    67. 

  67. 

  68.   if (platform.hasStandardBrowserEnv) {
    69. 

  69.     if (utils.isFunction(withXSRFToken)) {
    70. 

  70.       withXSRFToken = withXSRFToken(newConfig);
    71. 

  71.     }
    72. 

  72. 

  73.     // Strict boolean check — prevents proto-pollution gadgets (e.g. Object.prototype.withXSRFToken = 1)
    74. 

  74.     // and misconfigurations (e.g. "false") from short-circuiting the same-origin check and leaking
    75. 

  75.     // the XSRF token cross-origin. See GHSA-xx6v-rp6x-q39c.
    76. 

  76.     const shouldSendXSRF =
    77. 

  77.       withXSRFToken === true ||
    78. 

  78.       (withXSRFToken == null && isURLSameOrigin(newConfig.url));
    79. 

  79. 

  80.     if (shouldSendXSRF) {
    81. 

  81.       const xsrfValue = xsrfHeaderName && xsrfCookieName && cookies.read(xsrfCookieName);
    82. 

  82. 

  83.       if (xsrfValue) {
    84. 

  84.         headers.set(xsrfHeaderName, xsrfValue);
    85. 

  85.       }
    86. 

  86.     }
    87. 

  87.   }
    88. 

  88. 

  89.   return newConfig;
    90. 

  90. };
    91.