Docs: Missing withXSRFToken option in Request Config documentation #7450
Description
Good day,
I hope you’re doing well. I’m currently an intern working on connecting a frontend application to a backend API, and while implementing authentication and CSRF protection using Axios, I encountered some unexpected behavior.
Initially, I was using withCredentials: true and expected the XSRF token to be automatically sent, based on older examples and tutorials. However, the token was not being attached to the request headers. While debugging this, I discovered that newer Axios versions introduced the withXSRFToken option to control this behavior.
I wasn’t able to find this option in the official documentation:
https://axios-http.com/docs/req_config
So I spent some time searching for the cause, and eventually I came across a helpful discussion on Stack Overflow that explained the issue and pointed me in the right direction:
https://stackoverflow.com/questions/69002516/axios-not-sending-xsrf-token-with-headers
Shout out to that thread—it really helped me understand what was happening.
As someone still learning and working through real integration scenarios, I humbly want to request if the official docs could be updated to include:
- the withXSRFToken option
- how it relates to withCredentials
- any behavior changes compared to older Axios versions
I believe this would help other developers (especially beginners and interns like me) avoid confusion when implementing secure frontend-backend communication.
Thank you very much for your work on Axios and for maintaining the project.
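The interaction the issue describes, as an added example that is not part of the original report or of axios's own code: `withCredentials: true` only controls whether cookies are sent, while `withXSRFToken` decides whether the cookie value is copied into the XSRF header. The sketch uses the function form of `withXSRFToken` so the token goes only to one trusted backend. `API_ORIGIN`, `xsrfAllowedFor` and `buildClientConfig` are hypothetical names, and the origins are constructed placeholders.

```javascript
// Added example: builds an axios request config; nothing here is axios source code.
// Assumption: the backend lives at API_ORIGIN (constructed placeholder value).
const API_ORIGIN = "https://api.example.test";

// Predicate for the function form of withXSRFToken. axios calls the function
// with the request config and attaches the XSRF header only if it returns true.
function xsrfAllowedFor(config, pageOrigin) {
  let target;
  try {
    // Resolve a relative url against baseURL, and baseURL against the page origin,
    // so the check works whether or not the url has already been made absolute.
    const base = new URL(config.baseURL || pageOrigin, pageOrigin);
    target = new URL(config.url || "", base);
  } catch {
    return false; // unparseable URL: never attach the token
  }
  // Exact origin match (scheme + host + port); no substring or suffix checks.
  return target.origin === API_ORIGIN;
}

function buildClientConfig(pageOrigin) {
  return {
    baseURL: API_ORIGIN,
    withCredentials: true,          // send cookies on cross-site requests
    xsrfCookieName: "XSRF-TOKEN",   // axios default cookie name
    xsrfHeaderName: "X-XSRF-TOKEN", // axios default header name
    // Boolean true would attach the token to every request, including
    // third-party hosts; the predicate limits it to the trusted backend.
    withXSRFToken: (config) => xsrfAllowedFor(config, pageOrigin),
  };
}

// In the application: axios.create(buildClientConfig(window.location.origin))
```

Leaving `withXSRFToken` unset limits the header to same-origin requests, which is why a frontend and API on different origins see no token even with `withCredentials: true`.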