withCredentials defaults to false on XMLHttpRequest, but the opposite was chosen in this library. This can cause difficult to understand failures depending on the CORS headers returned by the server (it's an issue when calling the GitHub v3 API for example).
The alternative would be to default to false to stay consistent with XMLHttpRequest, but that is likely a breaking change for some downstream apps, and I am going to assume the current strategy was chosen for a reason.
withCredentials
defaults tofalse
onXMLHttpRequest
, but the opposite was chosen in this library. This can cause difficult to understand failures depending on the CORS headers returned by the server (it's an issue when calling the GitHub v3 API for example).The alternative would be to default to
false
to stay consistent withXMLHttpRequest
, but that is likely a breaking change for some downstream apps, and I am going to assume the current strategy was chosen for a reason.