cookie
cookie copied to clipboard
Add `withCredentials=True`-Note to Readme
I've just discovered, that without using a custom GET-Request with withCredentials
set to true, the Set-Cookie-Header is ignored. (No cookie is saved!)
The most interesting capability exposed by both XMLHttpRequest or Fetch and CORS is the ability to make "credentialed" requests that are aware of HTTP cookies and HTTP Authentication information. [1]
So I use the following Request to trigger an Session-init on my Server-Service with Endpoint of /hello
.
getCookie : String -> Decode.Decoder a -> Request a
getCookie url decoder =
Http.request
{ method = "GET"
, headers = []
, url = url
, body = Http.emptyBody
, expect = Http.expectJson decoder
, timeout = Nothing
, withCredentials = True -- is needed to set cookie with set-cookie-header
}
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials