-
Notifications
You must be signed in to change notification settings - Fork 356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XMLHttpRequest.withCredentials "always" set to true #495
Comments
Hi Kerem, From the MDN XMLHttpRequest.withCredentials page:
Since this flag is necessary for cross-domain XHR requests and doesn't make a difference for same domain requests, I guess it is left as true by default. |
Closed due to inactivity, please reopen if needed. |
We have the same problem and we would like to reopen this issue. The user should be able to configure Our suggestion is to make |
We are having same problem and want withCredentials to be false. Is there any workaround available for this? |
I don't have permission to reopen this issue but I've submitted a PR adding an option for this: #614 |
withCredentials was always set to true, despite the browser default being false, and can now be overridden. Closes #495
withCredentials was always set to true, despite the browser default being false, and can now be overridden. Closes socketio/engine.io-client#495
There seems to be a problem with the xhr polling as it sets withCredentials to true if withCredentials exits in xhr (This always happens?).
As the engine.io-server does not depend on the extra information granted by withCredentials (Cookies e.g.), should not this be set to false by default? And/or should there be a configuration for it?
The text was updated successfully, but these errors were encountered: