Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
`withCredentials` flag gets ignored on iOS
See original GitHub issueIs this a bug report?
Yes
Have you read the Bugs section of the Contributing to React Native Guide?
Yes
Environment
react-native -v: 0.46
Then, specify:
- Target Platform: iOS
- Development Operating System: macOS
- Build tools: Xcode
Description
In react-native@0.44, a flag withCredentials was introduced. In react-native@0.46, the behaviour was unintentionally changed by this commit: 047961fbf77cb012b53978184102e8ca3d00c7ec
withCredentials = true translates to HTTPShouldHandleCookies = YES in native code. After the commit that I linked above, the Cookie header gets set explicitly, which overrides any behaviour set by HTTPShouldHandleCookies.
Steps to Reproduce
Make a fetch request with the flag withCredentials: true.
Expected Behavior
The flag gets respected.
The cookie header only gets set explicitly if withCredentials = false
Actual Behavior
The flag gets overridden.
Reproducible Demo
Hard to make a demo, but the bug can be proven with the Apple documentation:
If your app sets the Cookie header on an NSMutableURLRequest object, then this method has no effect, and the cookie data you set in the header overrides all cookies from the cookie store.
Here you can see that HTTPShouldHandleCookies is being set based on the withCredentials flag.
Here you can see that the Cookie header is being set explicitly, which takes precedence over HTTPShouldHandleCookies.
Related issues
- withCredentials flag in XHRs should default to “true” #14063
cc
Issue Analytics
- State:
- Created 6 years ago
- Reactions:11
- Comments:10 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Any news or progress on this? 😃
I raised some concerns in https://github.com/facebook/react-native/pull/14931#issuecomment-318149698, which contains the proposed fix.
I’m not sure if I’m clear on precisely what behavior you’re expecting. Specifically, when you use
withCredentials: trueare you finding that the value of theCookieheader in the resulting request is missing some cookies? Or is it thatSet-Cookieresponse headers aren’t being respected.I expect that the problem may be that cookies are missing, because the changes in 047961fbf77cb012b53978184102e8ca3d00c7ec switched to a different cookie jar. Understandably, this would be bad for existing users, who could potentially be logged out through the loss of the cookies that were set before that change. However, I’d like clarification from those of you who are affected, since I’m afraid #14931 may have the wrong fix.