feat: support for with-credentials xhr flag #498
Conversation
|
seems this flag is unnecessary, give your credentials-value is enough directly. |
@jmzwcn could you elaborate a bit? where can I pass my credentials-value directly? |
|
This is necessary. The xhr.with-credentials flag has special meaning in the browser, which will include domain cookies to be attached to the request. We just never got around to adding an API for it. |
|
Hope to avoid non-compatible and reduce too many parameters to easily use. |
|
@n3squik Thanks for your contributions. I might have to think about this a little more, especially around how exactly we are gonna do this. For the internal use case, we don't have the extra The challenge in here (the open-source use case) is that it's hard to define what that condition might be. We might have to do it with setting a specific parameter in the Let's keep this PR open - I will come back on this asap. |
|
withCredentials: true is needed for browsers to trigger authentication as a result of XMLHttprequest. If not set, the browser is silent. Currently it's not possible to properly trigger any browser driven auth as a result of gRPC call, neither Negotiate (NTLM, Kerberos) nor Basic. Something like below should be enough if you don't want to change the arguments. |
|
Any new information? |
|
Checking in on this, currently blocked. Any chance we can get this merged? |
|
Done in #604. Thanks for your contributions anyways. Sorry for the huge delay. |
|
Before cutting the next release, is it possible that someone can verify if this works for your use case? I received a report that even with #604, cookie is not being attached to a cross-domain request. So I was wondering if we are still missing something. |
Add support for xhr's with-credential flag (specs).
A new optional parameter is added to clients constructors. If not set the default value is false, so it does not change the prior behavior.
Usage:
Related issues: #176, #351