Reactive-Extensions / RxJS-DOM

HTML DOM Bindings for the Reactive Extensions for JavaScript
http://reactivex.io

Observable.ajax ignores withCredentials (CORS) settings #129

Open sfletche opened 7 years ago

sfletche commented 7 years ago

Issue #117 originally reported by @wizardwerdna, still occurring in rx-dom v7.0.3

(<any> Observable).ajax({
  url: `${YQL_BASE}?q=${YQL_QUERY}&${YQL_FORMAT}`,
  crossDomain: true,
  withCredentials: false
})
.subscribe(
  x => console.log("ajax", x),
  err => console.log("ajax err", err)
);

Observable.ajax does not recognize the withCredentials mode for CORS.

When run on Chrome, the above code yields the following:

XMLHttpRequest cannot load . A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost:8080' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.

The solution offered by @neckaros in the above-mentioned issue solves the problem...

Modifying the default settings to set withCredentials:

var ajaxRequest = dom.ajax = function (options) {
    var settings = {
      method: 'GET',
      crossDomain: false,
      async: true,
      headers: {},
      responseType: 'text',
      withCredentials: false,
      timeout: 0,
      createXHR: function(){
        return this.crossDomain ? getCORSRequest() : getXMLHttpRequest()
      },
      normalizeError: normalizeAjaxErrorEvent,
      normalizeSuccess: normalizeAjaxSuccessEvent
    };
...

and forcing withCredentials to false after creating the XHR:

...
      try {
        xhr = settings.createXHR();
      } catch (err) {
        return o.onError(err);
      }

      try {
        if (settings.withCredentials === false && xhr.withCredentials)
          xhr.withCredentials = false;
        if (settings.user) {
          xhr.open(settings.method, settings.url, settings.async, settings.user, settings.password);
        } else {
          xhr.open(settings.method, settings.url, settings.async);
        }
...
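
Why Chrome rejects the wildcard response in the report above, shown as an added example that is not part of the original issue or the RxJS-DOM source. It models the browser's CORS check from the Fetch specification and runs the workaround's guard against a stub XHR; `corsCheck`, `createStubXHR`, `applyCredentials` and `outcome` are hypothetical names, and the stub is assumed to come back with `withCredentials` already true, as the workaround implies.

```javascript
// Model of the Fetch-spec "CORS check" a browser runs on a cross-origin response.
// Header names are assumed lower-cased; all inputs below are constructed samples.
function corsCheck(requestOrigin, withCredentials, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: 'no Access-Control-Allow-Origin header' };
  }
  // The wildcard is only honoured when the request carries no credentials.
  if (!withCredentials && allowOrigin === '*') {
    return { allowed: true, reason: 'wildcard, no credentials' };
  }
  if (allowOrigin !== requestOrigin) {
    const reason = allowOrigin === '*'
      ? "wildcard '*' rejected because the credentials flag is true"
      : 'origin mismatch';
    return { allowed: false, reason };
  }
  if (!withCredentials) {
    return { allowed: true, reason: 'origin match, no credentials' };
  }
  // Credentialed requests also need an explicit opt-in from the server.
  if (headers['access-control-allow-credentials'] === 'true') {
    return { allowed: true, reason: 'origin match, credentials allowed' };
  }
  return { allowed: false, reason: 'Access-Control-Allow-Credentials is not "true"' };
}

// Hypothetical stand-in for the object createXHR() returns: it is assumed to
// arrive with withCredentials already true, which is what the workaround implies.
function createStubXHR() {
  return { withCredentials: true };
}

// Same guard as the workaround above, isolated so it can be exercised.
function applyCredentials(xhr, settings) {
  if (settings.withCredentials === false && xhr.withCredentials) {
    xhr.withCredentials = false;
  }
  return xhr;
}

const ORIGIN = 'http://localhost:8080';                  // origin from the Chrome error
const WILDCARD = { 'access-control-allow-origin': '*' }; // constructed response headers

function outcome(settings, headers) {
  const xhr = applyCredentials(createStubXHR(), settings);
  return corsCheck(ORIGIN, xhr.withCredentials, headers);
}

console.log(outcome({}, WILDCARD));                         // blocked
console.log(outcome({ withCredentials: false }, WILDCARD)); // allowed
```

For a public endpoint that answers with `*`, turning credentials off on the client is the narrow fix. Having the server echo the caller's origin together with `Access-Control-Allow-Credentials: true` would also pass the check, but it exposes authenticated responses to that origin.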