SalesforceCommerceCloud / commerce-sdk-isomorphic

Browser & Node.js JavaScript client for B2C Commerce API
https://salesforcecommercecloud.github.io/commerce-sdk-isomorphic/
BSD 3-Clause "New" or "Revised" License

Disable sending cookies by default #106

Closed johnboxall closed 1 year ago

johnboxall commented 1 year ago

By default, commerce-sdk-isomorphic includes cookies and other credentials when making requests to Commerce API.

Commerce API doesn't use cookies, and in some circumstances, sending cookies can hit header limits enforced by Commerce API, rejecting requests.

fetch can be configured to omit cookies using fetch(url, {credentials: "omit"}):

https://developer.mozilla.org/en-US/docs/Web/API/fetch#credentials

We should consider setting this as the default behaviour to trim down the size of requests made in the browser and avoid the problem of big big big headers causing problems with SCAPI.

Related to https://github.com/SalesforceCommerceCloud/commerce-sdk-isomorphic/issues/79#issue-1155648909 as the solution also requires us to use a browser's native fetch implementation rather than cross-fetch's polyfill with XMLHttpRequest:


https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials
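
The default proposed in this issue, sketched as an added example (not code from the issue or from commerce-sdk-isomorphic): a fetch wrapper that sets credentials to "omit" unless the caller chooses otherwise, with a constructed model of the browser's cookie handling to show the effect on header size. All function names, the cookie string and the token are assumptions.

```javascript
// Added example: every name below is hypothetical, not part of commerce-sdk-isomorphic.

// Return a copy of `init` whose credentials mode defaults to "omit".
// An explicit caller choice (e.g. "include") is preserved.
function withOmittedCredentials(init = {}) {
  return { ...init, credentials: init.credentials ?? "omit" };
}

// Wrap any fetch implementation so every call goes through the default above.
function omitCredentialsByDefault(fetchImpl) {
  return (input, init) => fetchImpl(input, withOmittedCredentials(init));
}

// Constructed model of how a browser applies the credentials mode:
// "omit" never sends cookies, "same-origin" only to the same origin, "include" always.
function headersBrowserWouldSend(init = {}, cookieJar = "", sameOrigin = true) {
  const mode = init.credentials ?? "same-origin"; // fetch's own default
  const headers = { ...(init.headers || {}) };
  const attach = mode === "include" || (mode === "same-origin" && sameOrigin);
  if (attach && cookieJar) headers.cookie = cookieJar;
  return headers;
}

// Approximate on-the-wire size of a header block ("name: value\r\n" per header).
function headerBytes(headers) {
  const enc = new TextEncoder();
  return Object.entries(headers)
    .reduce((n, [k, v]) => n + enc.encode(`${k}: ${v}\r\n`).length, 0);
}

// Constructed sample: a 6000-character cookie jar and a short bearer token.
const SAMPLE_COOKIES = "session=" + "a".repeat(5992);
const SAMPLE_INIT = { headers: { authorization: "Bearer example-token" } };

// Header size for the same request with fetch's default mode and with "omit".
function compareHeaderSizes() {
  const before = headerBytes(headersBrowserWouldSend(SAMPLE_INIT, SAMPLE_COOKIES));
  const after = headerBytes(
    headersBrowserWouldSend(withOmittedCredentials(SAMPLE_INIT), SAMPLE_COOKIES));
  return { before, after };
}

console.log(compareHeaderSizes());
```

In a browser the wrapper would be applied as `omitCredentialsByDefault(window.fetch.bind(window))`; it has no effect on an XMLHttpRequest-based polyfill, which is why the issue also calls for native fetch.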

git2gus[bot] commented 1 year ago

This issue has been linked to a new work item: W-12122953