Merge pull request #2486 from vimeo/master

Add option to trigger xhr.withCredentials without http auth
mootools · Jun 30, 2014 · ccc36c2 · ibolmo · Jun 30, 2014 · SergioCrisostomo
2 parents 2c72ef2 + 595356f
commit ccc36c2
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 3 deletions.
diff --git a/Docs/Request/Request.md b/Docs/Request/Request.md
@@ -35,8 +35,9 @@ An XMLHttpRequest Wrapper.
 * isSuccess  - (*function*) Overrides the built-in isSuccess function.
 * evalScripts  - (*boolean*: defaults to *false*) If set to true, `script` tags inside the response will be evaluated.
 * evalResponse - (*boolean*: defaults to *false*) If set to true, the entire response will be evaluated. Responses with javascript content-type will be evaluated automatically.
-* user       - (*string*: defaults to *null*) When username is set the Request will open with credentials and try to authenticate.
+* user       - (*string*: defaults to *null*) The username to use for http basic authentication.
 * password   - (*string*: defaults to *null*) You can use this option together with the `user` option to set authentication credentials when necessary. Note that the password will be passed as plain text and is therefore readable by anyone through the source code. It is therefore encouraged to use this option carefully
+* withCredentials   - (*boolean*: defaults to *false*) If set to true, xhr.withCredentials will be set to true allowing cookies/auth to be passed for cross origin requests
 
 ### Events:
 

diff --git a/Source/Request/Request.js b/Source/Request/Request.js
@@ -34,7 +34,8 @@ var Request = this.Request = new Class({
 		onException: function(headerName, value){},
 		onTimeout: function(){},
 		user: '',
-		password: '',*/
+		password: '',
+		withCredentials: false,*/
 		url: '',
 		data: '',
 		headers: {
@@ -197,7 +198,7 @@ var Request = this.Request = new Class({
 		}
 
 		xhr.open(method.toUpperCase(), url, this.options.async, this.options.user, this.options.password);
-		if (this.options.user && 'withCredentials' in xhr) xhr.withCredentials = true;
+		if ((/*<1.4compat>*/this.options.user || /*</1.4compat>*/this.options.withCredentials) && 'withCredentials' in xhr) xhr.withCredentials = true;
 
 		xhr.onreadystatechange = this.onStateChange.bind(this);
 

diff --git a/Specs/Request/Request.js b/Specs/Request/Request.js
@@ -135,5 +135,41 @@ describe('Request', function(){
 
 	});
 
+	it('should not set xhr.withCredentials flag by default', function(){
+		var request = new Request({
+			url: '/something/or/other'
+		}).send();
+
+		expect(request.xhr.withCredentials).toBe(false);
+	});
+
+	/*<1.4compat>*/
+	it('should set xhr.withCredentials flag in 1.4 for this.options.user', function(){
+		var request = new Request({
+			url: '/something/or/other',
+			user: 'someone'
+		}).send();
+
+		expect(request.xhr.withCredentials).toBe(true);
+	});
+	/*</1.4compat>*/
 
+	var dit = /*<1.4compat>*/xit || /*</1.4compat>*/it; // don't run unless no compat
+	dit('should not set xhr.withCredentials flag in 1.5 for this.options.user', function(){
+		var request = new Request({
+			url: '/something/or/other',
+			user: 'someone'
+		}).send();
+
+		expect(request.xhr.withCredentials).toBe(false);
+	});
+
+	dit('should set xhr.withCredentials flag if options.withCredentials is set', function(){
+		var request = new Request({
+			url: '/something/or/other',
+			withCredentials: true
+		}).send();
+
+		expect(request.xhr.withCredentials).toBe(true);
+	});
 });