Update sendRequest for axios to align on parameter deprecation (withCredentials)

[evgarthub]

Hi @ferdikoomen!

Axios fixed vulnerability related to withCredentials request parameter by introducing new parameter withXSRFToken, details here:
axios/axios#6046
GHSA-wf5p-g6vw-rhxx

Does it make sense to include new parameter next to withCredentials as author suggests?

We verified internally that indeed passing both parameters with true value prevents client from behaving differently after axios update.

I will quickly create PR for it, let me know if it does make sense?

[mrlubos]

@evgarthub I think we'd want a separate parameter for this. It's a breaking change in Axios, therefore it should be a breaking change in this package, too.

[evgarthub]

@mrlubos do you mean we should extend config with WITH_XSRF_TOKEN?

[mrlubos]

Sounds like it. I'd need to dig more into it, but if this feature is only available in Axios, config should also have that flag only when using Axios client. That's what it looks like to me right now

[evgarthub]

I'm not able to run any tests, or rather they are failing because of #2052 issue (I'm on Windows).

[jordanshatford]

@evgarthub The windows issue should be fixed in our fork https://github.com/hey-api/openapi-ts. We have also added support for interceptors, so if you would like to do something like this you can see examples in this ticket:

hey-api/openapi-ts#76

[evgarthub]

Hi @jordanshatford ! Thanks for offering a solution! But it's already been fixed in this repo.

[mrlubos]

@evgarthub yes, except it isn't actively maintained and still has many other bugs that are fixed in openapi-ts #2064