Skip to content

Commit

Permalink
Fix: respect "withCredentials: false" in RCTNetworking iOS (#24629)
Browse files Browse the repository at this point in the history 
Summary:
Fixes #24080.

Even with `withCredentials: false` network requests still sending cookies. Fix this behaviour according to https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials.

[iOS] [Fixed] - Respect "withCredentials: false" in network requests
Pull Request resolved: #24629

Differential Revision: D15120420

Pulled By: cpojer

fbshipit-source-id: 78b9924436b02584c4fc1aa04763dff085eea78c
  • Loading branch information
@facebook-github-bot
Dmitry Dushkin authored and facebook-github-bot committed Apr 29, 2019
1 parent 6ab249f commit 382f088
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions Libraries/Network/RCTNetworking.mm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -259,10 +259,13 @@ - (RCTURLRequestCancellationBlock)buildRequest:(NSDictionary<NSString *, id> *)q
NSURL *URL = [RCTConvert NSURL:query[@"url"]]; // this is marked as nullable in JS, but should not be null
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:URL];
request.HTTPMethod = [RCTConvert NSString:RCTNilIfNull(query[@"method"])].uppercaseString ?: @"GET";
request.HTTPShouldHandleCookies = [RCTConvert BOOL:query[@"withCredentials"]];

// Load and set the cookie header.
NSArray<NSHTTPCookie *> *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:URL];
request.allHTTPHeaderFields = [NSHTTPCookie requestHeaderFieldsWithCookies:cookies];
if (request.HTTPShouldHandleCookies == YES) {
// Load and set the cookie header.
NSArray<NSHTTPCookie *> *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:URL];
request.allHTTPHeaderFields = [NSHTTPCookie requestHeaderFieldsWithCookies:cookies];
}

// Set supplied headers.
NSDictionary *headers = [RCTConvert NSDictionary:query[@"headers"]];
Expand All @@ -273,7 +276,6 @@ - (RCTURLRequestCancellationBlock)buildRequest:(NSDictionary<NSString *, id> *)q
}];

request.timeoutInterval = [RCTConvert NSTimeInterval:query[@"timeout"]];
request.HTTPShouldHandleCookies = [RCTConvert BOOL:query[@"withCredentials"]];
NSDictionary<NSString *, id> *data = [RCTConvert NSDictionary:RCTNilIfNull(query[@"data"])];
NSString *trackingName = data[@"trackingName"];
if (trackingName) {
Expand Down

0 comments on commit 382f088

Please sign in to comment.