search

globalpayments / globalpayments-3ds-js

Helper library for leveraging 3DSecure 2 for Strong Customer Authentication (SCA)
https://www.npmjs.com/package/globalpayments-3ds
GNU General Public License v2.0
5 stars 10 forks source link

Credentials by default set to omit in ajax request #11

Open csdougliss opened 4 years ago

csdougliss commented 4 years ago

https://github.com/globalpayments/globalpayments-3ds-js/blob/2175eef88ebdc864d1fb4817109f5d3b732b93e0/src/lib/make-request.ts#L20

This causes an issue in my application as my cookies are not sent in the request to check3dsVersion or initiateAuthentication

As per https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials, this should be changed to 'same-origin':

omit: Never send or receive cookies.
same-origin: Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.
include: Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.
jota0222 commented 4 years ago

It's happening to me. I think this is better to be configurable. Is there any solution available that doesn't involve edit the library?