-
Notifications
You must be signed in to change notification settings - Fork 436
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option to set xhr.withCredentials #103
Comments
xhr.withCredentials
Looks like the CORS headers set for OPTIONS requests specifically set This seems like an unnecessary restriction that forces annoying constraints on the rest of the setup. Providing a fully custom transport for this seems like a lot of overhead. |
So while we can solve this problem for fetch and xhr based transports, there is nothing that can be done for including cookies on cross-origin WebSocket connections as far as I know. One workaround would be to make the WebSocketTransport throw an error if you try to construct it in such a way that you request credentials (cookies) be send cross origin ( |
Why not let the browser deal with that? |
We ended up copying I can compose a sample PR if you like this idea. |
Sounds good to me, let's get a PR up for discussion. |
@johanbrandhorst please take a look at #260 |
And #261. |
This has been resolved for some time now, you can now configure the |
Linking directly for others: grpc-web/client/grpc-web/src/transports/http/http.ts Lines 9 to 17 in d92a6da
|
I'm facing a scenario where I have to talk to a gRPC server that sits behind a reverse proxy which redirects to ADFS for login and sets a http-only session cookie which it will pick up on subsequent requests and attaches an
Authorization
header. The problem is that the transports don't set the cookies with the gRPC invocation, so each POST results in a redirect.What do you think about adding an option somewhere which could set the
withCredentials
property of theXMLHttpRequest
before sending the request?The text was updated successfully, but these errors were encountered: