Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why `withCredentials` default can't be overwritten? #343

Closed
gbauxy opened this issue Jun 13, 2016 · 4 comments

Comments

@gbauxy
Copy link

commented Jun 13, 2016

Why withCredentials default can't be overwritten for particular request?
For example, website working generally with API from another domain and all this requests requires cookies so we set withCredentials default to true for convenience .
But some requests need to be fulfilled to another domain, for example githib.com.
So it is not possible to overwrite withCredentials to false because of this line of code

What the reason for such behavior?

@liximomo

This comment has been minimized.

Copy link

commented Jun 14, 2016

I want to overwrite it too!

@mzabriskie

This comment has been minimized.

Copy link
Member

commented Jun 14, 2016

This may be a false assumption, but the rationale is that you don't want someone to accidentally override withCredentials if it has been globally set as the default.

@gbauxy

This comment has been minimized.

Copy link
Author

commented Jun 14, 2016

At least this logic conflicts with docs config-order-of-precedence
Moreover, when someone explicitly type

axios.get('https://api.github.com', {
  withCredentials: false
});

it verbose enough to understand what do you do.
And the third point is that this logic can lead to security issues when developer try to fulfill partial request without cookies but cookies will be sent anyway.

So my proposal is to discard this rule.

@fatpandaria

This comment has been minimized.

Copy link

commented Oct 29, 2018

Is there any update about this issue?I also want to overwrite the withcredential option for some specific request which withcredential will lead to unprocessable error.But I just couldn't make it,so I am just wondering whether this issue is the reason?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.