soofstad / react-oauth2-pkce

Provider agnostic OAuth2 Authorization Code flow with PKCE for React
MIT License
121 stars 52 forks

💡 [REQUEST] - Allow sending cookies on the method postWithXForm #95

Closed wesley-monaro closed 1 year ago

wesley-monaro commented 1 year ago

Summary

Hey guys.

I'm not considering it a bug, because it works fine for some providers. But sometimes we need to pass a credential cookie for custom providers, and by default, the fetch method does not send cookies on HTTP requests.

To resolve it, I just created a request interceptor for the fetch method, adding the property "credentials": "include" to the options object. I'm not sure if it can be added as a parameter in the context configuration, like "allowCookies" or something like that, so the dev has the flexibility to choose whether to use it or not.

Basic Example

That's the created interceptor:


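```ts
// Keep a reference to the native fetch before replacing it.
const originalFetch = window.fetch.bind(window);

// Note: this replaces fetch globally, so every call that passes an options
// object is sent with cookies, not only the token request.
window.fetch = (...args): any => {
  let [resource, options] = args;
  if (options) {
    options["credentials"] = "include";
    options["mode"] = "cors";
  }
  return originalFetch(resource, options);
};
```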

Drawbacks

When changing the property, you explicitly need the CORS configuration, like the code below.

Unresolved questions

No response

Implementation PR

No response

Reference Issues

No response

soofstad commented 1 year ago

Hi! Do you have some documentation from the provider on how this cookie scheme works? This is not part of the OAuth2 spec, and sounds potentially dangerous. We do try and cater to some non-standard options and parameters, but would like to get some more information and knowledge about potential risks with this first 🙂

sebastianvitterso commented 1 year ago

Closing this as inactive, feel free to comment further to have the issue re-opened.
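
An added example (not code from this thread or from react-oauth2-pkce): a fetch wrapper that sends cookies only to an allow-listed token-endpoint origin, instead of patching `window.fetch` for every request. The helper names `scopeCredentials` and `makeScopedFetch` and the `example.com` origins are constructed for illustration.

```javascript
// Added example: hypothetical helper names; not part of react-oauth2-pkce.
// Returns a copy of `options` with credentials enabled only when the request
// targets an allow-listed origin; every other request is passed through as-is.
function scopeCredentials(resource, options, allowedOrigins, baseUrl) {
  // fetch() accepts a string, a URL, or a Request-like object with a .url
  const raw = typeof resource === "string" || resource instanceof URL
    ? String(resource)
    : resource.url;
  let origin;
  try {
    origin = new URL(raw, baseUrl).origin; // relative URLs resolve against baseUrl
  } catch {
    return options; // unparseable URL: leave the request untouched
  }
  // Exact origin comparison: look-alike hosts and userinfo tricks do not match.
  if (!allowedOrigins.includes(origin)) return options;
  // Copy instead of mutating the caller's object, and also cover calls that
  // passed no options at all.
  return { ...(options || {}), credentials: "include", mode: "cors" };
}

// Wraps a fetch implementation without replacing the global one.
function makeScopedFetch(fetchImpl, allowedOrigins, baseUrl) {
  return (resource, options) =>
    fetchImpl(resource, scopeCredentials(resource, options, allowedOrigins, baseUrl));
}

// Constructed demo: a fake fetch that only reports what it was given.
const fakeFetch = (resource, options) => ({ resource: String(resource), options });
const TOKEN_ORIGIN = "https://idp.example.com"; // constructed placeholder
const scopedFetch = makeScopedFetch(fakeFetch, [TOKEN_ORIGIN], "https://app.example.com");

const tokenCall = scopedFetch(TOKEN_ORIGIN + "/oauth/token", { method: "POST" });
const otherCall = scopedFetch("https://cdn.example.net/lib.js", { method: "GET" });
console.log(tokenCall.options, otherCall.options);
```

For the credentialed request to succeed, the token endpoint has to answer with `Access-Control-Allow-Credentials: true` and a specific `Access-Control-Allow-Origin` value, since browsers reject the `*` wildcard on credentialed requests.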