From 454ab8fc238da16f9c3986d9a64ea8e716ac0bac Mon Sep 17 00:00:00 2001 From: Adam Comella Date: Wed, 8 Mar 2017 06:00:17 -0800 Subject: [PATCH] BREAKING: iOS: Support withCredentials flag in XHRs Summary: Corresponding Android PR: #12276 Respect the withCredentials XMLHttpRequest flag for sending cookies with requests. This can reduce payload sizes where large cookies are set for domains. This should fix #5347. This is a breaking change because it alters the default behavior of XHR. Prior to this change, XHR would send cookies by default. After this change, by default, XHR does not send cookies which is consistent with the default behavior of XHR on web for cross-site requests. Developers can restore the previous behavior by passing `true` for XHR's `withCredentials` argument. **Test plan (required)** Verified in a test app that XHR works properly when specifying `withCredentials` as `true`, `false`, and `undefined`. Also, my team uses this change in our app. Adam Comella Microsoft Corp. Closes https://github.com/facebook/react-native/pull/12275 Differential Revision: D4673644 Pulled By: mkonicek fbshipit-source-id: 2fd8f536d02fb39d872eb849584c5c4f7e7698c5 --- Libraries/Network/RCTNetworking.ios.js | 6 ++++-- Libraries/Network/RCTNetworking.mm | 1 + Libraries/Network/XMLHttpRequest.js | 2 ++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Libraries/Network/RCTNetworking.ios.js b/Libraries/Network/RCTNetworking.ios.js index b67049036..dd569a07d 100644 --- a/Libraries/Network/RCTNetworking.ios.js +++ b/Libraries/Network/RCTNetworking.ios.js @@ -33,7 +33,8 @@ class RCTNetworking extends NativeEventEmitter { responseType: 'text' | 'base64', incrementalUpdates: boolean, timeout: number, - callback: (requestId: number) => any + callback: (requestId: number) => any, + withCredentials: boolean ) { const body = convertRequestBody(data); RCTNetworkingNative.sendRequest({ @@ -43,7 +44,8 @@ class RCTNetworking extends NativeEventEmitter { headers, responseType, incrementalUpdates, - timeout + timeout, + withCredentials }, callback); } diff --git a/Libraries/Network/RCTNetworking.mm b/Libraries/Network/RCTNetworking.mm index 67379f96b..4a7f7ccd6 100644 --- a/Libraries/Network/RCTNetworking.mm +++ b/Libraries/Network/RCTNetworking.mm @@ -230,6 +230,7 @@ RCT_EXPORT_MODULE() request.HTTPMethod = [RCTConvert NSString:RCTNilIfNull(query[@"method"])].uppercaseString ?: @"GET"; request.allHTTPHeaderFields = [self stripNullsInRequestHeaders:[RCTConvert NSDictionary:query[@"headers"]]]; request.timeoutInterval = [RCTConvert NSTimeInterval:query[@"timeout"]]; + request.HTTPShouldHandleCookies = [RCTConvert BOOL:query[@"withCredentials"]]; NSDictionary *data = [RCTConvert NSDictionary:RCTNilIfNull(query[@"data"])]; NSString *trackingName = data[@"trackingName"]; if (trackingName) { diff --git a/Libraries/Network/XMLHttpRequest.js b/Libraries/Network/XMLHttpRequest.js index c0f2be923..92669b8b2 100644 --- a/Libraries/Network/XMLHttpRequest.js +++ b/Libraries/Network/XMLHttpRequest.js @@ -119,6 +119,7 @@ class XMLHttpRequest extends EventTarget(...XHR_EVENTS) { status: number = 0; timeout: number = 0; responseURL: ?string; + withCredentials: boolean = false upload: XMLHttpRequestEventTarget = new XMLHttpRequestEventTarget(); @@ -501,6 +502,7 @@ class XMLHttpRequest extends EventTarget(...XHR_EVENTS) { incrementalEvents, this.timeout, this.__didCreateRequest.bind(this), + this.withCredentials ); }