-
Notifications
You must be signed in to change notification settings - Fork 760
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support for with-credentials xhr flag #498
Conversation
seems this flag is unnecessary, give your credentials-value is enough directly. |
@jmzwcn could you elaborate a bit? where can I pass my credentials-value directly? |
This is necessary. The xhr.with-credentials flag has special meaning in the browser, which will include domain cookies to be attached to the request. We just never got around to adding an API for it. |
Hope to avoid non-compatible and reduce too many parameters to easily use. |
@n3squik Thanks for your contributions. I might have to think about this a little more, especially around how exactly we are gonna do this. For the internal use case, we don't have the extra The challenge in here (the open-source use case) is that it's hard to define what that condition might be. We might have to do it with setting a specific parameter in the Let's keep this PR open - I will come back on this asap. |
withCredentials: true is needed for browsers to trigger authentication as a result of XMLHttprequest. If not set, the browser is silent. Currently it's not possible to properly trigger any browser driven auth as a result of gRPC call, neither Negotiate (NTLM, Kerberos) nor Basic. Something like below should be enough if you don't want to change the arguments.
|
Any new information? |
Checking in on this, currently blocked. Any chance we can get this merged? |
Done in #604. Thanks for your contributions anyways. Sorry for the huge delay. |
Before cutting the next release, is it possible that someone can verify if this works for your use case?
I received a report that even with #604, cookie is not being attached to a cross-domain request. So I was wondering if we are still missing something. |
Add support for xhr's with-credential flag (specs).
A new optional parameter is added to clients constructors. If not set the default value is false, so it does not change the prior behavior.
Usage:
Related issues: #176, #351