martyjs / marty

A Javascript library for state management in React applications
http://martyjs.org
MIT License

Browser cookies not sent by default, no easy way to change #203

Closed DanielVF closed 9 years ago

DanielVF commented 9 years ago

When using jQuery's ajax methods, the browser's cookies are sent along with each same-origin request. If your user is currently logged in, then their requests are logged in too.

The fetch spec, however, requires that no cookies be sent unless the credentials option is explicitly set to 'same-origin' or the stronger 'include' (see here: https://github.com/github/fetch/pull/69/files?diff=split).

There's currently no way to set the global fetch options for a new HttpStateSource, other than on each request you make.

I wonder if we should make HttpStateSource default to using credentials 'same-origin', and allow changing the default request options from HttpStateSource's mixinOptions.

jhollingworth commented 9 years ago

We've introduced the concept of "hooks" in v0.9, which allows you to modify requests before they are sent and responses after they are received. Do you think they could be used to fix this case?

DanielVF commented 9 years ago

Yes, hooks look like they would allow me to globally change the behavior for my application.

Still might be nice to change the default marty behavior to send browser cookies on requests, though.

jhollingworth commented 9 years ago

I'd like to avoid changing the existing behaviour if possible. If we're quietly modifying the expected behaviour of fetch, this could confuse some people. If this becomes a recurring request then I will reconsider.

Thanks!

jhollingworth commented 9 years ago

I'm going to backtrack on my previous comment. #209 adds an http hook which sets credentials to 'same-origin'. This will be introduced in Marty v0.9.

DanielVF commented 9 years ago

Great! Thanks!
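The default discussed in this thread, as an added example that is not part of the original issue and is not Marty's hook code: a wrapper that applies global request options to fetch, defaults credentials to 'same-origin', and keeps a global 'include' default from attaching cookies to cross-origin requests. `createFetchWithDefaults`, `wouldSendCookies`, `demo` and the `.example` origins are hypothetical names and constructed values; the cookie model assumes a fetch that omits credentials unless told otherwise, as the thread describes.

```javascript
// Added example: global fetch defaults with a cross-origin guard.
// All names here are hypothetical; this is not Marty's API.
function createFetchWithDefaults(fetchImpl, pageOrigin, defaults = { credentials: 'same-origin' }) {
  const origin = new URL(pageOrigin).origin;
  return function fetchWithDefaults(url, options = {}) {
    const target = new URL(url, pageOrigin);        // resolves relative URLs
    const merged = Object.assign({}, defaults, options);
    const crossOrigin = target.origin !== origin;
    // A *global* default must never push cookies to another origin.
    // Only a per-request, explicit 'include' is allowed to do that.
    if (crossOrigin && options.credentials !== 'include') {
      merged.credentials = merged.credentials === 'omit' ? 'omit' : 'same-origin';
    }
    return fetchImpl(target.href, merged);
  };
}

// Model of the behaviour described in the thread: cookies travel only
// when credentials is 'include', or 'same-origin' on a same-origin URL.
function wouldSendCookies(url, options, pageOrigin) {
  const mode = options.credentials || 'omit';       // assumed default
  if (mode === 'include') return true;
  if (mode !== 'same-origin') return false;
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Constructed sample run against a recording stub instead of the network.
function demo() {
  const page = 'https://app.example';
  const seen = [];
  const stub = (url, opts) => {
    seen.push({ url, credentials: opts.credentials, cookies: wouldSendCookies(url, opts, page) });
    return Promise.resolve();
  };
  const bare = (url, opts = {}) => stub(new URL(url, page).href, opts);
  const safe = createFetchWithDefaults(stub, page);
  const loose = createFetchWithDefaults(stub, page, { credentials: 'include' });

  bare('/api/me');                                  // no option set: no cookies
  safe('/api/me');                                  // default: same-origin cookies
  safe('https://cdn.example/lib.js');               // cross-origin: no cookies
  loose('https://cdn.example/lib.js');              // global 'include' is downgraded
  loose('https://sso.example/session', { credentials: 'include' }); // explicit opt-in
  safe('/public', { credentials: 'omit' });         // per-request override wins
  return seen;
}
```

Auditing which call sites pass an explicit `credentials: 'include'` then gives the full list of places where session cookies can leave the page's origin.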