Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make withCredentials a param allowing caller to set #35

Closed
wants to merge 1 commit into from
Closed

Make withCredentials a param allowing caller to set #35

wants to merge 1 commit into from

Conversation

derekr
Copy link
Contributor

@derekr derekr commented Jan 8, 2014

Wasn't sure if there was a solid reason for forcing withCredentials to be true and thought it would be useful to make a param. I am working with a server that doesn't support the credentials header.

@MaxGfeller
Copy link

+1

I also run in trouble with the withCredentials automatically been set. If a resource has CORS enabled, then this is not possible with credentials flag set to true:
Wildcards cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true.

After commenting out in my bundle.js it worked.

MaxGfeller added a commit to MaxGfeller/youtube-search that referenced this pull request Jan 29, 2014
@MaxGfeller
Enabled CORS for browserifying
f82d64a 
Layed the basis for making this module browserifyable by sending all
requests via corsproxy.com. Currently this is not yet possible because
of this issue in http-browserify:
browserify/http-browserify#35
@ghost
Copy link

ghost commented Feb 13, 2014

merged in 1.3.1.

@ghost ghost closed this Feb 13, 2014
feltnerm added a commit to feltnerm/http-browserify that referenced this pull request Mar 28, 2014
@feltnerm
fix: xhr.withCredentials is initially false
e498db8 
According to the [XMLHttpRequest2 spec](http://www.w3.org/TR/XMLHttpRequest2/#the-withcredentials-attribute),
`xhr.withCredentials` should be initially `false`. http-browserify sets this
flag to `true` by default which disobeys the spec. This leads to browser errors when
making CORS requests to domains that have wildcards in their
Access-Control-Allow-Origin header.

http-browserify should attempt to follow the spec by default. In this case,
that means setting `withCredentails` to `false` initially, and then allowing
the user to override that in the passing in `params`.

Maybe it is possible to auto-detect when [user credentials](http://www.w3.org/TR/XMLHttpRequest2/#user-credentials)
are being sent and then set the `withCredentials` flag from there.

Somewhat related to browserify#35 (the committer there expressed concern about
`withCredentials` being `true` when unintialzed as well).
@feltnerm feltnerm mentioned this pull request Mar 28, 2014
Open
@gsf gsf mentioned this pull request Jun 26, 2014
Closed
@feltnerm
Copy link

Is this (forcing the user to override the defaults set via the spec) really the best solution? @substack , please look at #47.

Much ❤️ for what you do @substack, thanks.

This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@derekr @MaxGfeller @feltnerm