raml-org / raml-js-parser

(deprecated) A RAML parser based on PyYAML written in CoffeeScript and available for use as NodeJs module or in-browser.

CORS: implement setting to perform XHR requests with withCredentials=true #177

Closed alvassin closed 8 years ago

alvassin commented 8 years ago

I want to implement the ability to display RAML specs in api-console passed directly from a private Bitbucket repo.

Imagine you have a single raml.corp.your-company.com instance, which is deployed directly from the api-console repo. The user specifies a URL to a RAML file from some service, and if he is authorized & has access to the specified file, his file is loaded into the api-console instance.

You can pass a file from GitHub there (currently it works for public repos): http://raml.corp.your-company.com?raml=https://raw.githubusercontent.com/alvassin/raml-example-spec/master/api.raml.

You can also pass a file from your privately hosted repo that requires cookies. E.g. http://raml.corp.your-company.com?http://raw.bitbucket.corp.your-company.com/path-to-spec.raml. That request will fail until you set the withCredentials=true flag on the XHR request in raml.coffee.

I would implement an xhrWithCredentials flag that will be disabled by default (I can make a pull request & tests), because many services (GitHub, for example) provide the Access-Control-Allow-Origin: * header, which does not allow the XMLHttpRequest.withCredentials flag.

But if necessary, users will be able to specify xhrWithCredentials=true when using the raml.loadFile method.

@dmartinezg What would you say?

dmartinezg commented 8 years ago

If people want to implement custom HTTP, they can load their own fileReader; the parser already provides an alternative to overload file resolving, so I don't think we need to do anything else here.

Maybe we should ask api-console to allow a hosting application to override the fileReader given to the parser.

Would you close this one please?
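
The two points in this thread (a wildcard `Access-Control-Allow-Origin` cannot satisfy a credentialed request, and credentials can be handled in a custom reader instead of a parser flag) are sketched below as an added example; it is not code from the thread or from raml-js-parser. The function names, the trusted-origin list and the use of `fetch` are assumptions, and how the reader is handed to the parser is not shown.

```javascript
// Added illustration; all names here are hypothetical.
// Origins whose RAML files need cookies (constructed list, host taken from the thread).
const CREDENTIALED_ORIGINS = new Set(['http://raw.bitbucket.corp.your-company.com']);

// Decide per URL whether the reader should send credentials.
// Only exact, allow-listed origins qualify; a user-supplied ?raml= URL
// pointing anywhere else is fetched without cross-origin cookies.
function needsCredentials(url, trusted = CREDENTIALED_ORIGINS) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return false; // unparseable input never gets credentials
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return false;
  return trusted.has(parsed.origin);
}

// The browser's CORS check for a cross-origin GET (Fetch standard rules).
// headers: lower-cased response header names mapped to values.
function corsAllows(pageOrigin, withCredentials, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) return false;
  if (!withCredentials) {
    return allowOrigin === '*' || allowOrigin === pageOrigin;
  }
  // Credentialed: "*" is rejected, the origin must be echoed exactly, and
  // Access-Control-Allow-Credentials must be the literal string "true".
  return allowOrigin === pageOrigin &&
    headers['access-control-allow-credentials'] === 'true';
}

// Reader callback: resolve a URL to the file's text.
// 'include' corresponds to withCredentials=true; 'same-origin' to the XHR default.
async function readRaml(url) {
  const response = await fetch(url, {
    credentials: needsCredentials(url) ? 'include' : 'same-origin',
  });
  if (!response.ok) throw new Error('HTTP ' + response.status + ' for ' + url);
  return response.text();
}
```

For the private host to work with this reader, its responses must echo the console's origin and send `Access-Control-Allow-Credentials: true`; the public GitHub raw URL keeps working because it is never requested with credentials.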