withCredentials flag gets ignored on iOS #14869
Comments
We've hit this as well. Nice catch! :)
Made a PR: #14931. Reviews appreciated, as Objective-C and especially networking in it is not my strength.
0.46.2, still not working
Sorry for the late reply. Back from vacation. It seems that the withCredentials flag and the fix to send the cookie by default conflict with each other. Let me analyze a bit more and I will update.
Any update on this issue? We're also affected.
I raised some concerns in #14931 (comment), which contains the proposed fix. I'm not sure if I'm clear on precisely what behavior you're expecting. Specifically, when you use I expect that the problem may be that cookies are missing, because the changes in 047961f switched to a different cookie jar. Understandably, this would be bad for existing users, who could potentially be logged out through the loss of the cookies that were set before that change. However, I'd like clarification from those of you who are affected, since I'm afraid #14931 may have the wrong fix.
I believe I am running into this issue as well, in RN 0.46 and 0.47. Basically, my specific problem is due to the change mentioned at the top of this thread (047961f): the Cookie header is always added to fetch requests even if withCredentials is false. In my use case, I am using a WebView which can update the cookies unintentionally, so when I make fetch requests I explicitly set withCredentials to false and pass my own Cookie header. The fix you have in #14931 looks like it gets close to fixing my issue, but probably not all the way. With your change it looks like if I set withCredentials to false it would leave setHTTPShouldSetCookies as NO, which is good I assume (I am not that knowledgeable about setHTTPShouldSetCookies TBH), BUT it looks like it would still add the Cookie header (the else case) even though I don't want it to. I just need a way to "opt-out" of cookies being automatically added. I feel like setting withCredentials to false is reasonable... at least that's what I would expect. I could be wrong. Also I believe this is the way Android already behaves.
Any news or progress on this? :-)
Sorry, I got lazy. I just opened a PR to revert the original breaking change in #16127. If you agree, do you mind chiming in? @panunu @aarondail @jozan @cbjs @JonnyBurger
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Maybe the issue has been fixed in a recent release, or perhaps it is not affecting a lot of people. If you think this issue should definitely remain open, please let us know why. Thank you for your contributions.
Is this a bug report?
Yes
Have you read the Bugs section of the Contributing to React Native Guide?
Yes
Environment
react-native -v: 0.46
Description
In [email protected], a flag withCredentials was introduced. In [email protected], the behaviour was unintentionally changed by this commit: 047961f
withCredentials = true translates to HTTPShouldHandleCookies = YES in native code. After the commit that I linked above, the Cookie header gets set explicitly, which overrides any behaviour set by HTTPShouldHandleCookies.
Steps to Reproduce
Make a fetch request with the flag withCredentials: true.
Expected Behavior
The flag gets respected.
The cookie header only gets set explicitly if withCredentials = false
Actual Behavior
The flag gets overridden.
Reproducible Demo
Hard to make a demo, but the bug can be proven with the Apple documentation:
Here you can see that HTTPShouldHandleCookies is being set based on the withCredentials flag.
Here you can see that the Cookie header is being set explicitly, which takes precedence over HTTPShouldHandleCookies.
Related issues
cc @clozr
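The interaction described in this issue, as an added Objective-C example that is not React Native's code: a request builder in which withCredentials alone decides whether cookies from the jar leave the app, and a caller-supplied Cookie header is left untouched. BuildRequest, the URL and the cookie value are constructed for illustration; the shared cookie storage is an assumption, not necessarily the jar React Native uses.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper (not from React Native): cookie behaviour is decided
// only by the withCredentials flag.
static NSURLRequest *BuildRequest(NSURL *url,
                                  BOOL withCredentials,
                                  NSDictionary<NSString *, NSString *> *callerHeaders)
{
  NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];

  // The URL loading system attaches and stores jar cookies only when opted in.
  request.HTTPShouldHandleCookies = withCredentials;

  // Caller headers are applied as given, including a caller-supplied Cookie.
  [callerHeaders enumerateKeysAndObjectsUsingBlock:^(NSString *name, NSString *value, BOOL *stop) {
    [request setValue:value forHTTPHeaderField:name];
  }];

  // Jar cookies are written explicitly only when the flag is on and the caller
  // did not pass a Cookie header. Writing them unconditionally would put them
  // on the wire even with HTTPShouldHandleCookies = NO.
  if (withCredentials && [request valueForHTTPHeaderField:@"Cookie"] == nil) {
    NSArray<NSHTTPCookie *> *cookies =
        [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:url];
    NSDictionary<NSString *, NSString *> *cookieHeaders =
        [NSHTTPCookie requestHeaderFieldsWithCookies:cookies];
    [cookieHeaders enumerateKeysAndObjectsUsingBlock:^(NSString *name, NSString *value, BOOL *stop) {
      [request setValue:value forHTTPHeaderField:name];
    }];
  }
  return request;
}

int main(void) {
  @autoreleasepool {
    // Constructed URL and session cookie, placed in the shared jar.
    NSURL *url = [NSURL URLWithString:@"https://api.example.test/profile"];
    NSHTTPCookie *session = [NSHTTPCookie cookieWithProperties:@{
      NSHTTPCookieName : @"session", NSHTTPCookieValue : @"constructed-value",
      NSHTTPCookieDomain : @"api.example.test", NSHTTPCookiePath : @"/"
    }];
    [[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookie:session];

    NSURLRequest *optOut = BuildRequest(url, NO, @{@"Cookie" : @"own=1"});
    NSURLRequest *optIn = BuildRequest(url, YES, @{});
    NSLog(@"withCredentials=NO  Cookie: %@", [optOut valueForHTTPHeaderField:@"Cookie"]);
    NSLog(@"withCredentials=YES Cookie: %@", [optIn valueForHTTPHeaderField:@"Cookie"]);
  }
  return 0;
}
```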