Request: ability to set xmlHttpRequest.withCredentials

Do you want to request a feature or report a bug? Feature

What is the current behavior? xmlHttpRequest.withCredentials takes on the default value (false) and I can’t use Pusher auth calls to set cookies.

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem via https://jsfiddle.net or similar.

Example code:

const pusher = new Pusher(REACT_APP_PUSHER_KEY, {
  cluster: REACT_APP_PUSHER_CLUSTER,
  authEndpoint: `${REACT_APP_BACKEND_HOST}/pusher/auth/web`,
  auth: {
    headers: {},
    params: {
        // [irrelevant]
    },
  },
});

pusher.connect();

REACT_APP_BACKEND_HOST is potentially on a different origin. When the backend sends

Set-Cookie: connect.sid=s%3AKjPBOeBYzc705H7vq4qnkSXPHV2zF1qi.x7N8w9e2sCc0Z2hQHeWaBy9b73M04gI0qi0WkY%2F%2BbYc; Path=/; Expires=Tue, 22 Sep 2020 03:11:57 GMT; HttpOnly

The cookie is not persisted in the browser.

What is the expected behavior? Expose the internal xmlHttpRequest config so I can set withCredentials = true. I’m using this in the Web runtime.

Which versions of Pusher, and which browsers / OS are affected by this issue? Did this work in previous versions of Pusher? If so, which? This hasn’t been an option in the past to my knowledge. I’m using Pusher JS 6.0.3.

I’ve seen the workarounds suggested in https://github.com/pusher/pusher-js/issues/62, but I’d rather not have to keep up with private API changes and I think this is a widely applicable use case! 🙂

Thank you so much!