BREAKING: iOS: Support withCredentials flag in XHRs

Adam Comella · facebook-github-bot · commit 454ab8fc238d · 2017-03-08T06:15:15.000-08:00
Summary: Corresponding Android PR: #12276 Respect the withCredentials XMLHttpRequest flag for sending cookies with requests. This can reduce payload sizes where large cookies are set for domains. This should fix #5347. This is a breaking change because it alters the default behavior of XHR. Prior to this change, XHR would send cookies by default. After this change, by default, XHR does not send cookies which is consistent with the default behavior of XHR on web for cross-site requests. Developers can restore the previous behavior by passing `true` for XHR's `withCredentials` argument. **Test plan (required)** Verified in a test app that XHR works properly when specifying `withCredentials` as `true`, `false`, and `undefined`. Also, my team uses this change in our app. Adam Comella Microsoft Corp. Closes #12275 Differential Revision: D4673644 Pulled By: mkonicek fbshipit-source-id: 2fd8f536d02fb39d872eb849584c5c4f7e7698c5
diff --git a/Libraries/Network/RCTNetworking.ios.js b/Libraries/Network/RCTNetworking.ios.js
@@ -33,7 +33,8 @@ class RCTNetworking extends NativeEventEmitter {
     responseType: 'text' | 'base64',
     incrementalUpdates: boolean,
     timeout: number,
-    callback: (requestId: number) => any
+    callback: (requestId: number) => any,
+    withCredentials: boolean
   ) {
     const body = convertRequestBody(data);
     RCTNetworkingNative.sendRequest({
@@ -43,7 +44,8 @@ class RCTNetworking extends NativeEventEmitter {
       headers,
       responseType,
       incrementalUpdates,
-      timeout
+      timeout,
+      withCredentials
     }, callback);
   }
 
diff --git a/Libraries/Network/RCTNetworking.mm b/Libraries/Network/RCTNetworking.mm
@@ -230,6 +230,7 @@ - (RCTURLRequestCancellationBlock)buildRequest:(NSDictionary<NSString *, id> *)q
   request.HTTPMethod = [RCTConvert NSString:RCTNilIfNull(query[@"method"])].uppercaseString ?: @"GET";
   request.allHTTPHeaderFields = [self stripNullsInRequestHeaders:[RCTConvert NSDictionary:query[@"headers"]]];
   request.timeoutInterval = [RCTConvert NSTimeInterval:query[@"timeout"]];
+  request.HTTPShouldHandleCookies = [RCTConvert BOOL:query[@"withCredentials"]];
   NSDictionary<NSString *, id> *data = [RCTConvert NSDictionary:RCTNilIfNull(query[@"data"])];
   NSString *trackingName = data[@"trackingName"];
   if (trackingName) {
diff --git a/Libraries/Network/XMLHttpRequest.js b/Libraries/Network/XMLHttpRequest.js
@@ -119,6 +119,7 @@ class XMLHttpRequest extends EventTarget(...XHR_EVENTS) {
   status: number = 0;
   timeout: number = 0;
   responseURL: ?string;
+  withCredentials: boolean = false
 
   upload: XMLHttpRequestEventTarget = new XMLHttpRequestEventTarget();
 
@@ -501,6 +502,7 @@ class XMLHttpRequest extends EventTarget(...XHR_EVENTS) {
       incrementalEvents,
       this.timeout,
       this.__didCreateRequest.bind(this),
+      this.withCredentials
     );
   }
 
