http-browserify icon indicating copy to clipboard operation
http-browserify copied to clipboard

Published 20 hours ago verified publisher icon browserify

No default withCredentials. Updated version of #47

Open gsf opened this issue 10 years ago • 6 comments

Any reason to alter the default for xhr.withCredentials?

gsf avatar Jun 23 '14 23:06 gsf

I think it is a bad idea to change the default on such an important flag without a major version bump, or at least minor.

Though I would say if this was a fresh project that withCredentials should be false by default.

gobengo avatar Jul 08 '14 07:07 gobengo

As discussed at Raynos/xhr#33 (click "Show outdated diff"), some believe the withCredentials default in the spec was a mistake, as was the Access-Control-Allow-Origin wildcard. I haven't found many resources to back this up, however. The commented text at http://enable-cors.org/server_nginx.html suggests this, but others (including http://fetch.spec.whatwg.org/#basic-safe-cors-protocol-setup) seem to favor the wildcard and the default of false.

gsf avatar Jul 08 '14 14:07 gsf

I would like to see this merged since withCredentials default to true prevents accessing resources on many servers and the solution might not be obvious for users. Especially if your like me using http-browserify through request browserified.

Resources examples: http://data-gov.tw.rpi.edu/raw/1576/data-1576.nt.gz http://ftp.ebi.ac.uk/pub/databases/ensembl/encode/integration_data_jan2011/hub.txt

bmpvieira avatar Aug 14 '14 14:08 bmpvieira

Please merge. The current default behavior is totally unexpected.

eush77 avatar Nov 05 '14 21:11 eush77

Holy shit, please merge. That took me forever to figure out.

zwhitchcox avatar Jan 10 '15 08:01 zwhitchcox

Any update on if/when this will get merged?

recursify avatar Oct 26 '15 20:10 recursify