URLRequest: add withCredentials property for web requests (closes ope…

…nfl#2719) https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials This is a property that didn't exist in Flash, but it is necessary for OpenFL's HTML5 target to be able to customize the behavior of the internal XMLHttpRequest in Lime's HTTPRequest class. Uses the HTTPRequest withCredentials property, which was exposed for similar reasons. At some point in the past, URLRequest's manageCookies property was incorrectly used to set HTTPRequest's withCredentials property. However, manageCookies and withCredentials are not the same thing. They both control the behavior of cookies, but under different circumstances. manageCookies is supposed to control whether cookies are ever saved and passed with requests. withCredentials specifically applies to cross-origin requests only. Setting withCredentials will have no affect on targets that don't run in web browsers because all requests on native are essentially treated as same-origin.
VsFreyaDevs · Jul 9, 2024 · fe9d3b5 · fe9d3b5
1 parent 6aab3ef
commit fe9d3b5
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 0 deletions.
diff --git a/lib/flash-externs/src/flash/net/URLRequest.hx b/lib/flash-externs/src/flash/net/URLRequest.hx
@@ -10,6 +10,15 @@ package flash.net;
 	public var method:String;
 	public var requestHeaders:Array<URLRequestHeader>;
 	public var url:String;
+	public var withCredentials(get, set):Bool;
+	@:noCompletion private inline function get_withCredentials():Bool
+	{
+		return false;
+	}
+	@:noCompletion private inline function set_withCredentials(value:Bool):Bool
+	{
+		return value;
+	}
 	#if air
 	public var authenticate:Bool;
 	public var cacheResponse:Bool;
@@ -63,6 +72,15 @@ package flash.net;
 	@:flash.property var method(get, set):String;
 	@:flash.property var requestHeaders(get, set):Array<URLRequestHeader>;
 	@:flash.property var url(get, set):String;
+	@:flash.property var withCredentials(get, set):Bool;
+	@:noCompletion private inline function get_withCredentials():Bool
+	{
+		return false;
+	}
+	@:noCompletion private inline function set_withCredentials(value:Bool):Bool
+	{
+		return value;
+	}
 	#if air
 	@:flash.property public var authenticate(get, set):Bool;
 	@:flash.property public var cacheResponse(get, set):Bool;

diff --git a/src/openfl/net/URLLoader.hx b/src/openfl/net/URLLoader.hx
@@ -409,6 +409,7 @@ class URLLoader extends EventDispatcher
 		#if (lime >= "8.0.0")
 		__httpRequest.manageCookies = request.manageCookies;
 		#end
+		__httpRequest.withCredentials = request.withCredentials;
 
 		// TODO: Better user agent?
 		var userAgent = request.userAgent;

diff --git a/src/openfl/net/URLRequest.hx b/src/openfl/net/URLRequest.hx
@@ -242,6 +242,14 @@ import haxe.macro.Compiler;
 	**/
 	public var manageCookies:Bool;
 
+	/**
+		Specifies whether cross-site `Access-Control` requests should be made
+		using credentials such as cookies, authentication headers or TLS client
+		certificates. Setting `withCredentials` has no effect on same-origin
+		requests, and it has no effect on targets not running in web browsers.
+	**/
+	public var withCredentials:Bool = false;
+
 	/**
 		Controls the HTTP form submission method.