import platform from '../platform/index.js'; import utils from '../utils.js'; import isURLSameOrigin from './isURLSameOrigin.js'; import cookies from './cookies.js'; import buildFullPath from '../core/buildFullPath.js'; import mergeConfig from '../core/mergeConfig.js'; import AxiosHeaders from '../core/AxiosHeaders.js'; import buildURL from './buildURL.js'; export default (config) => { const newConfig = mergeConfig({}, config); let { data, withXSRFToken, xsrfHeaderName, xsrfCookieName, headers, auth } = newConfig; newConfig.headers = headers = AxiosHeaders.from(headers); newConfig.url = buildURL( buildFullPath(newConfig.baseURL, newConfig.url, newConfig.allowAbsoluteUrls), config.params, config.paramsSerializer ); // HTTP basic authentication if (auth) { headers.set( 'Authorization', 'Basic ' + btoa( (auth.username || '') + ':' + (auth.password ? unescape(encodeURIComponent(auth.password)) : '') ) ); } if (utils.isFormData(data)) { if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) { headers.setContentType(undefined); // browser handles it } else if (utils.isFunction(data.getHeaders)) { // Node.js FormData (like form-data package) const formHeaders = data.getHeaders(); // Only set safe headers to avoid overwriting security headers const allowedHeaders = ['content-type', 'content-length']; Object.entries(formHeaders).forEach(([key, val]) => { if (allowedHeaders.includes(key.toLowerCase())) { headers.set(key, val); } }); } } // Add xsrf header // This is only done if running in a standard browser environment. // Specifically not if we're in a web worker, or react-native. if (platform.hasStandardBrowserEnv) { withXSRFToken && utils.isFunction(withXSRFToken) && (withXSRFToken = withXSRFToken(newConfig)); if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(newConfig.url))) { // Add xsrf header const xsrfValue = xsrfHeaderName && xsrfCookieName && cookies.read(xsrfCookieName); if (xsrfValue) { headers.set(xsrfHeaderName, xsrfValue); } } } return newConfig; };