Open feltnerm opened 10 years ago
I just ran into this as well. I was glad the withCredentials option was available, but agree it should default to false.
I just ran into this as well. I was glad the withCredentials option was available, but agree it should default to false.
Yeah, it was annoying that I had a dependency that was using the http
module but was not specifying the withCredentials
option resulting in CORS errors. If withCredentials
followed the spec, I would not have to modify/fork dependencies to work with http in the browser.
I ran into this as well. Please merge. xhr.withCredentials
definitely shouldn't be true
by default.
This is not good. Please merge.
similar to #90
According to the XMLHttpRequest2 spec,
xhr.withCredentials
should be initiallyfalse
. http-browserify sets this flag totrue
by default which disobeys the spec. This leads to browser errors when making CORS requests to domains that have wildcards in their Access-Control-Allow-Origin header.http-browserify should attempt to follow the spec by default. In this case, that means setting
withCredentails
tofalse
initially, and then allowing the user to override that in the passing inparams
.Maybe it is possible to auto-detect when user credentials are being sent and then set the
withCredentials
flag from there.Somewhat related to #35 (the committer there expressed concern about
withCredentials
beingtrue
when unintialzed as well).