http
http copied to clipboard
dart-lang
[Web] Use `withCredentails = true` by default
Hello,
Following this stackoverflow issue that Someone created, i have the exact same problem : I have a problem with HTTP request on the latest beta version of Flutter Web in 1.22 (Flutter 1.22.0-12.4.pre). I have a server that requires a login, give back a cookie, and we need to use the cookie in each subsequent calls to be authentified.
The problem is that the browser doesn't register the cookie even if it shows the set-cookie attribute in the network tab of chrome :
But when i search for the set-cookie of the response header it is null.
When i do the next API Call, the servers logs says that it doesn't received the Cookie and we can see in the network tab that it's right
and the really weird thing is that the error that is written in the Chrome console is a CORS policy error even thought, it's not the problem at all because the login call works well everytime and the server have log about the second one and says that the error is the lack of cookie.
I tried to add the cookie to the browser using document.cookie and i also tried to add the Cookie Header to the HTTP request once the login is done but nothing helps and the server still does not receive the cookie.
To reproduce i just created a new flutter web project on 1.22 beta, deleted the counter and have just 3 buttons available .
Login works well everytime, twoFactorCode is the two way authentification so just after login, and it doesn't work because it's waiting for the cookie, lastly i have a API request that doesn't require the cookie or the login to be performed, and it also works everytime.
here is the code for the API calls:
import 'package:http/http.dart' as http;
var headers = {'Content-Type': 'application/json'};
login() async {
try {
var body = jsonEncode({
"name": "XXX",
"pass": "XXX",
"clientId": "XXX",
"deviceOs": "deviceOs",
"deviceName": "deviceName"
});
final response =
await http.post('http://localhost:18080/services/login', body: body, headers: widget.headers);
print(response.body);
} catch (error) {
print(error);
}
}
twofactorCode() async {
try {
var body = jsonEncode({"code": "XXXXXX"});
final response =
await http.post('http://localhost:18080/services/twofactorcode', body: body, headers: widget.headers);
print(response.body);
} catch (er) {
print(er);
}
}
getParams() async {
try {
var response = await http.get("http://localhost:18080/services/parameters");
print(response.body);
} catch (er) {
print(er);
}
}
Any help to know how to use the cookie for each request would be much appreciated, thanks !
@kartercs see my comment on related issue
You don't need to store the cookie, just set it in the browser, but it will not work without withCredentials = true
#20
I have put in pull request #485 to change the default setting in the browser client
Could you kindly put withCredentials as true by default? Or let it configure from the outside?
It would be very useful
@kevmoo
Thanks in advance
Some discussion in https://github.com/dart-lang/http/pull/485
It's not clear to me if this is a safe thing to do by default. Manually setting this when necessary is the expected workaround.
