I have successfully configured axios to automatically include the X-XSRF-TOKEN header in all requests when the XSRF-TOKEN cookie is present. However, I'm facing an issue where I need to exclude this header for security reasons when making requests to certain subdomains.
I attempted to remove the header as follows, but it didn't work:
    let instance = axios.create()
    delete instance.defaults.headers.common['X-CSRF-TOKEN']
The problem is that instance.defaults.headers.common['X-CSRF-TOKEN'] appears to be undefined when I tried to work with it.
I also tried the following approach, which was also unsuccessful:
    axios.interceptors.request.use(function (config) {
        delete config.headers.common["X-CSRF-TOKEN"]
        return config;
    }, function (error) {
        // Do something with request error
        logger.error(error);
        return Promise.reject(error);
    });
It seems that axios checks for the presence of the XSRF-TOKEN cookie after the interceptors process the request, and it overwrites all of my attempts to remove the header.
Could you please provide me with guidance on how to conditionally omit the header based on certain criteria or conditions?
There is no option to delete that functionality except to update axios to version 1.6.0, where that header-adding logic was fixed according to CVE-2023-45857.
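Added example, not part of the original question or answer and not axios source code: a small audit that can be run over captured outgoing requests, before and after the upgrade, to confirm the X-XSRF-TOKEN header no longer leaves the page's own origin. The origin `https://app.example.com`, the function names and the sample requests are all constructed for illustration.

```javascript
// Assumed page origin (hypothetical); subdomains and other ports count as foreign.
const APP_ORIGIN = "https://app.example.com";

// Resolve relative URLs against the page, then compare scheme + host + port.
function isSameOrigin(requestUrl, pageOrigin) {
  try {
    return new URL(requestUrl, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch {
    return false; // unparsable URL: treat as cross-origin
  }
}

// Header names are case-insensitive, so normalise before comparing.
function hasXsrfHeader(headers, headerName = "X-XSRF-TOKEN") {
  return Object.keys(headers || {}).some(
    (k) => k.toLowerCase() === headerName.toLowerCase()
  );
}

// Requests that carry the token to an origin other than the page's own.
function findXsrfLeaks(requests, pageOrigin) {
  return requests.filter(
    (r) => hasXsrfHeader(r.headers) && !isSameOrigin(r.url, pageOrigin)
  );
}

// Constructed sample of captured requests (e.g. recorded by a test adapter).
const capturedRequests = [
  { url: "/api/profile", headers: { "X-XSRF-TOKEN": "constructed-token" } },
  { url: "https://cdn.example.com/asset.js", headers: { "x-xsrf-token": "constructed-token" } },
  { url: "https://app.example.com:8443/api", headers: { "X-XSRF-TOKEN": "constructed-token" } },
  { url: "https://api.example.com/v1/items", headers: { Accept: "application/json" } },
];

for (const leak of findXsrfLeaks(capturedRequests, APP_ORIGIN)) {
  console.log("XSRF token sent cross-origin to:", leak.url);
}
```

An empty result from `findXsrfLeaks` on traffic recorded after the upgrade is the signal that the header is confined to same-origin requests.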