fix: [#1631] Set fetch credentials to same-origin for xhr when withCredentials is false #1632
To more accurately emulate xhr spec behaviour: https://xhr.spec.whatwg.org/#the-withcredentials-attribute

It looks like `credentials` should be set to `same-origin` when using xhr with `withCredentials` `false`, because xhr will only stop sending credentials if the request is not the same origin, and the `send` method of fetch will call `getRequestHeaders`, which performs this kind of check. I might be missing something, some kind of behaviour that will break with `same-origin` and was working correctly with `omit`, but I struggle to find it.

I'm not sure if my approach to tests is good enough. I tried to do this via unit test first, but every test there mocks the `send` implementation (and the `send` method calls `getRequestHeaders`), so I decided that I'd rather write an integration test, and a unit test will check what kind of `credentials` option is passed to fetch. So let me know if you have a better idea of how to refactor the tests if it's needed.

Fixes #1631
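
The difference between the two mappings discussed in this description, as an added example that is not code from this pull request or its project. The function names, the `app.example` / `cdn.example` URLs and the sample cases are assumptions constructed for illustration, and the origin comparison is a simplification of the Fetch credentials rule.

```javascript
// Added illustration; function names are hypothetical, not the project's API.

// XHR spec, send(): the request's credentials mode is "include" when
// withCredentials is true, otherwise "same-origin" (never "omit").
function xhrCredentialsMode(withCredentials) {
  return withCredentials ? "include" : "same-origin";
}

// Simplified Fetch rule: are cookies / HTTP auth attached to this request?
// A plain origin comparison stands in for the spec's response-tainting check.
function sendsCredentials(mode, requestUrl, documentUrl) {
  const sameOrigin =
    new URL(requestUrl, documentUrl).origin === new URL(documentUrl).origin;
  switch (mode) {
    case "include": return true;
    case "same-origin": return sameOrigin;
    case "omit": return false;
    default: throw new TypeError(`unknown credentials mode: ${mode}`);
  }
}

// Constructed sample: a page on app.example issuing three XHR-style requests.
const PAGE = "https://app.example/dashboard";
const CASES = [
  { url: "/api/me", withCredentials: false },                    // same origin
  { url: "https://cdn.example/lib.js", withCredentials: false }, // cross origin
  { url: "https://cdn.example/lib.js", withCredentials: true },  // cross origin
];

// For each case, compare the spec mapping with a mapping that uses "omit"
// whenever withCredentials is false.
function compare() {
  return CASES.map(({ url, withCredentials }) => ({
    url,
    withCredentials,
    specMode: xhrCredentialsMode(withCredentials),
    spec: sendsCredentials(xhrCredentialsMode(withCredentials), url, PAGE),
    omitMapping: sendsCredentials(withCredentials ? "include" : "omit", url, PAGE),
  }));
}

console.table(compare());
```

Only the first row differs between the two mappings: a same-origin request with `withCredentials` set to `false` keeps its credentials under `same-origin` and loses them under `omit`, while the cross-origin request without `withCredentials` sends none in either case.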