🐛 BUG: The 'credentials' field on 'RequestInitializerDict' is not implemented.

[Kaperstone]

Which Cloudflare product(s) does this pertain to?

Workers/Other

What version of Wrangler are you using?

2.6.2

What operating system are you using?

Windows

Describe the Bug

I am testing locally
EDIT: To emphasize, when I press L to test locally, it is working fine but when I deploy to Cloudflare or turn local mode off, it is showing the error.

Whenever I include credentials in the header of a fetch request, I am receiving this error.
This has became an issue since I ably-js has stopped working entirely throwing this error.

I use hono.js to simplify the usage of workers so basically a reproduction would be

import {Hono} from "hono"

app.get("/", ctx => {
  new fetch("https://example.com/api/", {
  headers,
  method: "POST",
  body: "",
  credentials: headers.has("authorization") ? "include" : "same-origin"
})

[KianNH]

FYI, this is a bug in local development - Cloudflare Workers do not support the credentials property in options.

[Kaperstone]

As I stated, this is a bug in deployment.

Here is a log from a deployed code, workers > logs

{
  "outcome": "ok",
  "scriptName": "wrangler",
  "exceptions": [],
  "logs": [
    {
      "message": [
        "  <-- POST /rest/v1/friends_messages"
      ],
      "level": "log",
      "timestamp": 1673176328277
    },
    {
      "message": [
        "ably error:The 'credentials' field on 'RequestInitializerDict' is not implemented."
      ],
      "level": "log",
      "timestamp": 1673176328331
    },
    {
      "message": [
        "ably error:The 'credentials' field on 'RequestInitializerDict' is not implemented."
      ],
      "level": "log",
      "timestamp": 1673176328331
    },
    {
      "message": [
        "  --> POST /rest/v1/friends_messages \u001b[32m200\u001b[0m 54ms"
      ],
      "level": "log",
      "timestamp": 1673176328331
    }
  ],
}

And the opposite, it is an error only in deployment

as I stated, local mode is working fine, only when local-mode is off and/or after deployment to Cloudflare.

EDIT: Last but not least, I can't do anything with the situation.
Ably is using this header, Cloudflare does not support.

Then it means I cannot use Cloudflare Workers.

[KianNH]

As I said, this is a bug in local development.

It is not supported in Workers - the bug is that local development does support it when it shouldn't.

You would need to stop the package from using fields that aren't implemented in Cloudflare Workers.

https://github.com/cloudflare/workerd/blob/902b65ace3c5c0f5ae4b432fae976f28ddaec1ec/src/workerd/api/http.h#L510-L517

[Kaperstone]

Oh, so the bug is that the local does support it when it shouldn't.

Got you, so my only options are to give up on Workers or Ably.

[randomairborne]

is it possible to not make this a hard crash? Given workers are not in a browser, the credentials policy shouldn't affect them... so is there some harm to making this not hardcrash any third-party library that also wants to support a browser?

[lachlancollins]

@KianNH I've just run into this problem in a SvelteKit app using the @sveltejs/adapter-cloudflare. I'm just wondering why the credentials field isn't supported? Are there any plans to support the full fetch request API? Other edge runtimes like Deno seem to have all properties.

[randomairborne]

Well, credentials doesn't do anything here- it only exists to turn off browser settings, it is ignored in server-side applications (as i understand). The issue (i think) is that cloudflare throws rather then silently ignoring them, see cloudflare/workerd#902 for a related issue i created

[lachlancollins]

Well, credentials doesn't do anything here- it only exists to turn off browser settings, it is ignored in server-side applications (as i understand). The issue (i think) is that cloudflare throws rather then silently ignoring them, see cloudflare/workerd#902 for a related issue i created

Credentials are definitely not useless in a server environment - for example, it's a core part of SvelteKit's fetch. I've also migrated my app from Cloudflare Workers to Deno Deploy and it works as expected.

I understand the focus of this issue has shifted towards throwing a warning in development, I'm just curious about why it hasn't been added. For example, I checked the WinterCG and couldn't find anything on fetch, so maybe there isn't a common standard yet.

[randomairborne]

Aren't credentials only used to bypass the fact that the browser prevents you from sending custom cookies? Nothing prevents you from doing this, and I don't see what deno actually does with the information you give it.

[lachlancollins]

Aren't credentials only used to bypass the fact that the browser prevents you from sending custom cookies? Nothing prevents you from doing this, and I don't see what deno actually does with the information you give it.

True, I think SvelteKit processes the cookies for you, based on the credentials field. So I guess I just need a runtime that silently ignores the credentials option and fetches regardless!

[martinsotirov]

This makes it impossible to use the @directus/sdk

[snilan]

Running into this issue trying to use the @huggingface/inference package

[multipliedtwice]

Am I correctly understanding, the set-cookie header sent by a server won't work on Cloudflare?

[riderx]

fucked my prod with this bug, all test passed in local ^^

[ImLunaHey]

Similar issue here cloudflare/workerd#698

[Thimows]

Same issue:

The 'credentials' field on 'RequestInitializerDict' is not implemented

This makes it IMPOSSIBLE to run agents that use the Webbrowser tool from Langchain (langchain/tools/webbrowser)...

[moritzmla]

Same issue:

The 'credentials' field on 'RequestInitializerDict' is not implemented

Is there any workaround?