Open gsf opened 10 years ago
gobengo
commented
10 years ago I think it is a bad idea to change the default on such an important flag without a major version bump, or at least minor.
Though I would say if this was a fresh project that withCredentials should be false by default.
gsf
commented
10 years ago As discussed at Raynos/xhr#33 (click "Show outdated diff"), some believe the withCredentials default in the spec was a mistake, as was the Access-Control-Allow-Origin wildcard. I haven't found many resources to back this up, however. The commented text at http://enable-cors.org/server_nginx.html suggests this, but others (including http://fetch.spec.whatwg.org/#basic-safe-cors-protocol-setup) seem to favor the wildcard and the default of false.
bmpvieira
commented
10 years ago I would like to see this merged since withCredentials default to true prevents accessing resources on many servers and the solution might not be obvious for users. Especially if your like me using http-browserify through request browserified.
Resources examples: http://data-gov.tw.rpi.edu/raw/1576/data-1576.nt.gz http://ftp.ebi.ac.uk/pub/databases/ensembl/encode/integration_data_jan2011/hub.txt
eush77
commented
9 years ago Please merge. The current default behavior is totally unexpected.
zwhitchcox
commented
9 years ago Holy shit, please merge. That took me forever to figure out.
recursify
commented
8 years ago Any update on if/when this will get merged?
Any reason to alter the default for xhr.withCredentials?