Skip to content
This repository has been archived by the owner on Apr 20, 2018. It is now read-only.

Obsrvable.ajax ignores withCredentials (CORS) settings #117

Closed
wizardwerdna opened this issue May 12, 2016 · 4 comments
Closed

Obsrvable.ajax ignores withCredentials (CORS) settings #117

wizardwerdna opened this issue May 12, 2016 · 4 comments

Comments

@wizardwerdna
Copy link 

(<any> Observable).ajax({
  url: `${YQL_BASE}?q=${YQL_QUERY}&${YQL_FORMAT}`,
  crossDomain: true,
  withCredentials: false
})
.subscribe(
  x => console.log("ajax", x),
  err => console.log("ajax err", err)
);

Observable.ajax does not appear to recognize the withCredentials mode for CORS, either expressly or as the promised default.

This code, when run on Chrome, yields substantially the following:

XMLHttpRequest cannot load . A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost:8080' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.

and the browser console message:

ajax err AjaxError {message: "ajax error 0", xhr: XMLHttpRequest, request: Object, status: 0}

The works when clicked in the browser error message. Similar code, using jQuery or fetch and Observable.fromPromise, works fine.
@wizardwerdna
Copy link
Author

this was intended to address an error in the 5.0 repository.

@jaredatron
Copy link

having this same problem on 7.0.3

@neckaros
Copy link

neckaros commented Jun 7, 2016
edited
Loading

Same issue with "rxjs-dom": "rx-dom#^7.0.3"

I had to modify the default settings as withCredential was not set:

var ajaxRequest = dom.ajax = function (options) {
    var settings = {
      method: 'GET',
      crossDomain: false,
      async: true,
      headers: {},
      responseType: 'text',
      withCredentials: false,
      timeout: 0,
      createXHR: function(){
        return this.crossDomain ? getCORSRequest() : getXMLHttpRequest()
      },
      normalizeError: normalizeAjaxErrorEvent,
      normalizeSuccess: normalizeAjaxSuccessEvent
    };
...

and forece false is set to false after creatinbg the XHR:

...
 try {
        xhr = settings.createXHR();
      } catch (err) {
        return o.onError(err);
      }

      try {

        if(settings.withCredentials === false && xhr.withCredentials)
          xhr.withCredentials = false;
        if (settings.user) {
          xhr.open(settings.method, settings.url, settings.async, settings.user, settings.password);
        } else {
          xhr.open(settings.method, settings.url, settings.async);
        }
...

@sfletche
Copy link

thanks @neckaros! that patch worked for me.

@wizardwerdna: should this issue be re-opened? (seeing how it's still an issue in v7.0.3)

@sfletche sfletche mentioned this issue Mar 27, 2017
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wizardwerdna @jaredatron @sfletche @neckaros