mkreiser / ESPN-Fantasy-Football-API

Connect to ESPN's fantasy football API via this JS API client for web and NodeJS. Available as an npm package.
http://espn-fantasy-football-api.s3-website.us-east-2.amazonaws.com/
GNU Lesser General Public License v3.0

Refused to set unsafe header "Cookie" #90

Closed ConorMaley closed 5 years ago

ConorMaley commented 5 years ago

I'm trying to set my cookies to be able to see my private league data on my webpage, but when I call BaseAPIObject.setCookies({espnS2: 'xxxxxx', SWID: '{xxxxx}'}) and then league.read() I get the error "Refused to set unsafe header "Cookie""

Any solutions or workarounds for this?

I think it has something to do with https://github.com/axios/axios/issues/319 but I'm not totally sure.

mkreiser commented 5 years ago

I messed up setting the cookie in a browser-compliant manner. Fix should be relatively easy. I'll bump to 0.8.1 once it's ready.

mkreiser commented 5 years ago

~Can you try this branch? https://github.com/mkreiser/ESPN-Fantasy-Football-API/tree/fix-cookies. The package size increased by 10x which concerns me...~

Nevermind, that won't work. Continuing to dig.

mkreiser commented 5 years ago

So from my reading of things, there's not a way to set the cookie header in a browser on a different origin (anything other than espn.com). Since this is how everyone else has made private league requests, I've hit a wall for thinking of something that will work in web.

Should still work for node, as axios is the User-Agent and will set the Cookie header. However, I found a bug that I was setting the wrong cookie name (espnS2 instead of espn_s2). I'll at least fix that.

ConorMaley commented 5 years ago

This might be a long shot, but maybe it's the order in which your axiosConfig is placed into the .get() call.

https://stackoverflow.com/a/43178070 says "XMLHttpRequest from a different domain cannot set cookie values for their own domain unless withCredentials is set to true before making the request."

So maybe try const axiosConfig = { withCredentials: !_.isEmpty(headers), params, headers }; Objects in js are supposed to be "unordered" but weird things happen in js sometimes ya know.

Also, I would try this myself but I can't seem to get the project up and running locally on my machine.

mkreiser commented 5 years ago

@ConorMaley That won't work. Objects are unordered. By setting withCredentials in the config, we're compliant with setting that to true before making the request.

Also, what issues are you having setting up the project? That's concerning to me.

I also fixed up and tested (locally) private leagues in node in #93. Will release a patch with #94.
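The two cases the thread settles on (Node may set a Cookie header with the espn_s2 and SWID cookies; a browser refuses the forbidden "Cookie" header and can only rely on withCredentials), as an added example that is not the project's own code. The names buildRequestConfig, buildCookieHeader and the browser flag are assumptions for illustration; the config shape (params, headers, withCredentials) is the one axios accepts.

```javascript
// Added example, not from ESPN-Fantasy-Football-API: build an axios-style
// request config that only sets the Cookie header where a client is allowed to.

// Header names a browser refuses to let page scripts set (subset of the Fetch
// spec's forbidden header names; assumed sufficient for this example).
const FORBIDDEN_BROWSER_HEADERS = new Set(['cookie', 'cookie2', 'host', 'origin']);

// Crude environment detection: a DOM means we are in a browser.
function isBrowser() {
  return typeof window !== 'undefined' && typeof window.document !== 'undefined';
}

// ESPN's cookie names are espn_s2 and SWID; the thread's bug was sending
// espnS2, which ESPN silently ignores.
function buildCookieHeader({ espn_s2, SWID } = {}) {
  const parts = [];
  if (espn_s2) parts.push(`espn_s2=${espn_s2}`);
  if (SWID) parts.push(`SWID=${SWID}`);
  return parts.join('; ');
}

// Returns { params, headers, withCredentials }. In Node the Cookie header is
// set explicitly; in a browser it is left to the browser's own cookie jar and
// withCredentials, because setting "Cookie" would throw "Refused to set unsafe
// header". Any forbidden header that slips in is rejected up front.
function buildRequestConfig(cookies, params = {}, browser = isBrowser()) {
  const cookieHeader = buildCookieHeader(cookies);
  const headers = {};
  if (cookieHeader && !browser) {
    headers.Cookie = cookieHeader;
  }
  if (browser) {
    for (const name of Object.keys(headers)) {
      if (FORBIDDEN_BROWSER_HEADERS.has(name.toLowerCase())) {
        throw new Error(`browser refuses to set header "${name}"`);
      }
    }
  }
  return { params, headers, withCredentials: cookieHeader.length > 0 };
}

// Constructed sample values, not real credentials.
const nodeConfig = buildRequestConfig({ espn_s2: 'SAMPLE_S2', SWID: '{SAMPLE-SWID}' }, { view: 'mTeam' }, false);
console.log(nodeConfig.headers.Cookie); // espn_s2=SAMPLE_S2; SWID={SAMPLE-SWID}
```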