Make requests not send credentials #14293
Comments
|
This is weird case - reason for using this in first place is that |
|
I'm not sure if anyone actually is using credentials, so if we can replicate behaviour of not duplicated requests I not use this, I would be in favour of it. It was some time ago since I tested it, and might be it was fixed - if it was chrome bug then (it might be just security reasons, didn't find much information on this topic). In general I would very much love to avoid adding options like that and adjust what currently is there if possible |
So is it setting
I'm not sure either, but a valid use-case for this would be a static site sitting behind an authentication proxy. But I'm not sure if anyone is doing this, or whether this actually works (since every request would have to be done with credentials enabled for this to work).
Yeah it does seem silly to add such a specific option - I probably should have opened this as a bug report instead. |
|
over 1 year ago I used https://github.com/pieh/link-preload-fetch as barebone example of issue - I don't remember specifics but I think that not using |
|
I just ran that demo and:
Possibly we could use |
cameron-martin
changed the title
cameron-martin
changed the title
The [tests that I ran](#14293 (comment)) suggest that this is no longer needed, and it fixes the [issues I was experiencing](#14293 (comment)). Fixes #14293.
|
Hiya! This issue has gone quiet. Spooky quiet. 👻 We get a lot of issues, so we currently close issues after 30 days of inactivity. It’s been at least 20 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open! As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request. Check out gatsby.dev/contribute for more information about opening PRs, triaging issues, and contributing! Thanks for being a part of the Gatsby community! 💪💜 |
gatsbot
bot
added
the
stale?
|
Not stale |
lannonbr
added
not stale
and removed
stale?
|
We're also facing this problem: multiple hosts (xxxxxx.com, xxxxxx.fr, xxxxx.ie,...) need to access same CDN where assets live. |
|
I'm facing this issue when trying to host the site on google-cloud-storage. |
|
I'd love to help to fix this issue, if there's interest... |
* fix(gatsby): Make requests not send credentials. The [tests that I ran](#14293 (comment)) suggest that this is no longer needed, and it fixes the [issues I was experiencing](#14293 (comment)). Fixes #14293. * Updated docs * Removed withCredentials that was previously missed. * Updated snapshots. * adjust test for asset-prefix * Ensure manifest is always loaded from content server * Fix test
Summary
Make gatsby not send credentials when making requests - currently in the following 2 places:
gatsby/packages/gatsby/cache-dir/loader.js
Line 87 in eaa08cf
gatsby/packages/gatsby/cache-dir/static-entry.js
Line 300 in eaa08cf
Motivation
We have a slightly weird setup where our assets are on a CDN (enabled by the new
assetPrefixoption), which is a different domain from where the pages are served. This means we have to serve the assets with CORS headers. Moreover, we need them accessible from multiple origins and the headers must be static so we have to setAccess-Control-Allow-Originto*. Having this header set this way means that browsers error when doing XHRs with credentials.My initial thought was that credentials can be removed for everyone without causing issues, but some people may have their static sites behind an authentication proxy which means credentials will need to be sent in some cases.
The text was updated successfully, but these errors were encountered: