CORS requests fail with Access-Control-Allow-Origin: * #14
Labels
Type: Bug
For bugs and any other unexpected breakage
Comments
|
Hmm, I had it set to true with authentication-walled APIs in mind (which is my main use case), but for public APIs, you're right, it's not a good default. Now that I think about it, public APIs are probably more common, so I'll consider this is a bug. In any case, the flag is configurable via m.request's config option: var publicAPI = function(xhr) {xhr.withCredentials = false;}
m.request({
method: "GET",
url: "/",
config: publicAPI
}); |
|
Default value for |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
mithril sets withCredentials to true when making XHR requests. Chrome and Firefox disallow CORS requests with credentials if the allow origin is *.
Is there any reason it's set to true instead of being configurable?
The text was updated successfully, but these errors were encountered: