cookie icon indicating copy to clipboard operation
cookie copied to clipboard

Published 20 hours ago verified publisher icon elm-lang

Add `withCredentials=True`-Note to Readme

Open jwillem opened this issue 6 years ago • 0 comments

I've just discovered, that without using a custom GET-Request with withCredentials set to true, the Set-Cookie-Header is ignored. (No cookie is saved!)

The most interesting capability exposed by both XMLHttpRequest or Fetch and CORS is the ability to make "credentialed" requests that are aware of HTTP cookies and HTTP Authentication information. [1]

So I use the following Request to trigger an Session-init on my Server-Service with Endpoint of /hello.

getCookie : String -> Decode.Decoder a -> Request a
getCookie url decoder =
    Http.request
        { method = "GET"
        , headers = []
        , url = url
        , body = Http.emptyBody
        , expect = Http.expectJson decoder
        , timeout = Nothing
        , withCredentials = True -- is needed to set cookie with set-cookie-header
        }

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials

jwillem avatar Sep 26 '17 20:09 jwillem