Comments (8)
Good question, read from jpillora/xdomain#21 (comment) onwards. In short, it's for jQuery, however, due to all these conflicts maybe a smarter way to do is to add a custom ajax transport.
from xhook.
Actually, a much easier fix if(jQuery) jQuery.support.cors = true;
, trying to remember if we patch withCredentials
for any other reason...
from xhook.
Oh yes, script load sequence. If jQuery is loaded after XHook, then XHook won't have a reference to it yet. If jQuery is loaded before then possibly other libraries are also loaded before, and some libraries grab hold of window.XMLHttpRequest
thereby preventing XHook from patching it. And adding an ajax transport would have the same load sequence problem. Still, there might be a nicer solution to this...
from xhook.
Okay I'm testing with what was suggested: turn off xhook withCredentials, and forcing jQuery support cors to be true.
All of our authenticated CORS goes over XDomain (which works wonderfully well) via jQuery, and the only times it uses the native XHR is 3rd party services without authentication.
from xhook.
So yep, that's why I've just left this with the
//fix trackers
xhook.addWithCredentials = false;
//fix jquery cors
jQuery.support.cors = true;
work around though this does need to be added to the docs...
from xhook.
Yup everything works with the suggested fix.
from xhook.
Okay... actually forcing addWithCredentials
to false
will then also remove it from modern browsers. I noticed suddenly all my errors stopped reporting in non IE browsers, and to my surprise, I saw that withCredentials
was returning false in all new XHR instances including Firefox + Chrome.
I think the real fix here is intelligently figure out whether we should add the withCredentials
by doing a check to see if the browser supports it. As it stands right now, you have to set addWithCredentials
to a boolean - but I propose this fix:
xhook.addWithCredentials = ("withCredentials" in new XMLHttpRequest());
This will dynamically set that value so modern browsers have it included, and older browsers which don't natively support that property won't.
This should wrap up everything without having to educate users of the addWithCredentials
method - it should just work as expected out of the box. Though, it's still worth noting the jQuery cors support
patch.
from xhook.
I agree, it should always be added in modern browsers. The problem with doing:
xhook.addWithCredentials = ("withCredentials" in new XMLHttpRequest());
is this will cause jQuery ajax to stop working under older browsers. So maybe, setting:
xhook.addWithCredentials = false
will prevent it from being added so one might assume that if it's already there, this will have no effect, so the real fix might be:
# initialise 'withCredentials' on facade xhr in browsers with it
# or if explicitly told to do so
if 'withCredentials' of xhr or xhook.addWithCredentials
facade.withCredentials = false
Putting this in now
from xhook.
Related Issues (20)
- Warning 'Event.path' is deprecated and will be removed in M109, around January 2023. Please use 'Event.composedPath()' instead HOT 1
- Slowing down the network calls HOT 2
- Errors are passed to Promise.resolve instead of Promise.reject with xhook 1.4.9 HOT 6
- Automate release process HOT 10
- Speed up tests
- Some files are unnecessary. HOT 1
- Automatic Github releases using conventional commits
- xhook breaks `navigator.sendBeacon(url, formData)` HOT 6
- Change the output of xhook in src/main.js HOT 1
- FormData fails all calls - testing solution but can't make it work at all HOT 17
- Before handlers for fetch(new Request('/foo')) requests : 1) sync handlers get no information; 2) sync and async can't change request parameters or replace the Request instance.
- When other programs modify XMLHttpRequest.prototype., xhook will not work HOT 1
- [Question] How to skip certain URL (some URL use mock data and some still go to real API )? HOT 1
- When you use xhr.response to read response data, the hook becomes invalid
- [Bug] Unable to retrieve the requested URL in the response
- The HTTP field name should be lowercase
- [Bug] The default value of XHR's response is incorrect
- [Bug] isFetch parameter is undefined
- Header parsing fails since it assume CRLF is always present, in my scenario only LR present
- facade is missing responseType, but some clients expect to see it HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xhook.