Sending cookies with Cross Origin (CORS) request

rat-moonshine · July 4, 2024, 7:12am

Currently our application calls server agent with URLLoader+URLRequest ways. We sends requisite data and headers by attaching to URLRequest API.

Now the need came up to send something like this:

xhrFields: {
            withCredentials: true
}

I don’t found anything similar of a property xhrFields in URLRequest. The only close thing I found was using XMLHTTPRequest.withCredentials ( XMLHttpRequest: withCredentials property - Web APIs | MDN (mozilla.org)):

const xhr = new XMLHttpRequest();
xhr.open("GET", "http://example.com/", true);
xhr.withCredentials = true;
xhr.send(null);

Do I really need to change our usage API from URLLoader to XMLHTTPRequest to send such property? Or, is there some way while we can continue to use our URLLoader+URLRequest ways?

Please, suggest.

rat-moonshine · July 4, 2024, 1:16pm

As a follow-up to this, I learnt that we can send cookie by manipulating in request’s header; One may need to set urlRequest.manageCookies=false if testing on Windows ( openfl.net.URLRequest - API Reference).

But I hit a roadblock when trying to test this on Windows, and if a named property “Cookie” adds to request’s header - it never sends. If I change the name slightly, i.e. “Cookie1” - it sends.

I’m not sure why is this, but I created an issue at OpenFL repository:
URLRequest fails to attach cookie by manipulating its header · Issue #2717 · openfl/openfl (github.com)

Still, instead of sending cookies manually, it could have been great if something like xmlHTTPRequest.withCredentials = true could be done with URLRequest call.

joshtynjala · July 8, 2024, 3:20pm

I can see that that Lime’s HTTPRequest has a withCredentials property. OpenFL’s URLLoader uses HTTPRequest internally, but it appears that URLLoader does not expose any way to modify the withCredentials property on the internal HTTPRequest.

rat-moonshine · July 9, 2024, 12:17pm

Yes, @joshtynjala . and that is why I opened this as one request - manageCookies does not withCredentials in HTTPRequest · Issue #2719 · openfl/openfl (github.com) .

Currently, we manages to access the internal httpRequest.withCredentials of URLLoader but in hacky way, it’d be helpful if this can be access by default.