Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
how to override axios.defaults.headers.common for crossdomain requests
See original GitHub issueIn my app which uses X-CSRF-TOKEN in all api requests to MY server, I wanted to use axios to also perform an api GET request to an external server (giphy in this case)
I kept getting this error
Request header field X-CSRF-TOKEN is not allowed by Access-Control-Allow-Headers in preflight response.
Basically my understanding of this error is that Giphy’s server does NOT want this header to be included
This header is included by default in my axios configuration however. I tried many things to get it to NOT send this header, but nothing worked until I came up with this rather ugly hack:
var self = this;
var axiosCrossDomain = axios;
delete axiosCrossDomain.defaults.headers.common["X-CSRF-TOKEN"];
axiosCrossDomain(apiEndPoint, {
method: "GET",
params: {
api_key: publicKey,
q: self.query.split(" ").join("+"),
limit: 50
}
})
.then(function(response) {
self.results = response.data.data;
self.current_gif = false;
})
.catch(function(error) {
console.log(error);
});
This works… it was not required for me to make a copy of axios like I did but since my app is a SPA I wanted to make sure that I was not removing the X-CSRF-TOKEN from all instances of axios
But surely there must be another, better way to do this?
Anyone know?
Thanks
Issue Analytics
- State:
- Created 6 years ago
- Reactions:4
- Comments:8 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Here is my solution. This allows me to rely on the default Laravel implementation for default headers in
bootstrap.jsand then every time I make an external API request, I use this:generatedUrlis of course proprietary to your app, like https://www.com/apiThe absolute trick is that, in my case, Google’s API requires that the
'X-CSRF-TOKEN'header be absent, so you can’t simply set it toundefined. So after dealing with this problem off and on for several weeks, my above solution is what I have ended up with.The trick is to not even go down a path of trying to temporarily mutate
axios.defaults.headersbecause you will encounter horrific async issues if you make an external API call while a page loads and a user on your site submits a form that makes an internal API call before your external API call has responded back and restored theaxios.defaultsback to normal.If the
axios.defaultswere mutated during that time, you will of course experience the full wrath of shared mutable state. Fire up a separate axios instance, and make your external API calls using that.Relevant docs are likely here if you want to investigate other trinkets: https://github.com/axios/axios
NOTE: You cannot assign the headers in the config object. You must mutate them afterwards with:
Just to make sure I understand, at some point you’re adding the X-CSRF-TOKEN header to your global configuration, correct? That header shouldn’t be included as one of the default headers out of the box.
Otherwise, I would suggest using multiple instances in order to separate your API endpoints, like this:
This supports the full configuration as well, in case there’s anything else you want to include. If you are using any other forms of configuration (global, etc.), I recommend checkout out the docs on config precedence.