Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

fetch API on Android doesn't respect credentials: omit

See original GitHub issue

Description

If Android’s native networking library detects valid cookies for a particular network request it will always tack those cookies onto the request, even if credentials: "omit" is passed to the fetch API.

This problem has been reported multiple times in #1274, which is an related issue that has been closed. I wanted to create a new issue to track it.

This problem makes it very difficult to fully encapsulate cookie logic within Javascript, and necessitates interacting directly with native cookie storage with something like react-native-cookies. This is unfortunate, as there is no particular reason that cookies ought to be handled natively, and outside of this problem it is possible to handle cookies entirely in Javascript.

Reproduction

First, get a cookie set on the client by hitting a server endpoint that returns a Set-Cookie header.
On Android,

await fetch(
  credentials: 'omit',
  ...
);

Add some logging code on the server to see if a Cookie header is set by client. Confirm that this is happening.

Solution

React Native on Android should respect the credentials: 'omit' option.

Additional Information

React Native version: 42
Platform: Android only
Operating System: macOS

Issue Analytics

State:
Created 7 years ago
Reactions:3
Comments:10 (2 by maintainers)

Top GitHub Comments

13reactions

GetSource1234commented, Sep 13, 2017

Spotted the same issue, would be great to have a proper fix.

3reactions

2DKotcommented, May 8, 2018

If you are using Expo, you can’t run react-native link to use react-native-cookie. But you can clear cookies this way:

var RCTNetworking = require('RCTNetworking')
function clearCookies () {
  RCTNetworking.clearCookies((cleared) => {
    console.log('Cookies cleared, had cookies=' + cleared.toString())
  })
}

Maybe it will help someone.

Top Results From Across the Web

JS Fetch API - When should I use credentials option with "omit ...

My question is, if I want to omit cookies and auth headers, why should I ever bother to use credentials: 'omit' in the...

Fetch Standard

Numerous APIs provide the ability to fetch a resource, e.g. HTML's img and script element, CSS' cursor and list-style-image , the navigator.

Using the Fetch API - MDN Web Docs

The Fetch API provides a JavaScript interface for accessing and manipulating parts of the protocol, such as requests and responses.

Best practices for unique identifiers - Android Developers

This document provides guidance for selecting appropriate identifiers for your app based on your use case. For a general look at Android permissions, ......

Connect your app to the Authentication Emulator - Firebase

If you want your Admin SDK code to connect to a shared emulator running in ... call REST APIs to create and delete...