[🐞] Web Worker Does Not Allow withCredentials
for XHR Requests
#556
Labels
bug
Something isn't working
withCredentials
for XHR Requests
#556
Describe the bug
When using XHR requests in a script within the Web Worker, the
withCredentials
parameter is ignored.https://github.com/BuilderIO/partytown/blob/1d2efe0694c2712d69a2d9b6a60a78050fb3fe81/src/lib/web-worker/worker-window.ts#L590
I'm not sure what the initial motivation was to disallow
withCredentials
on XHR requests, but it effectively makes it impossible to set cookies using theSet-Cookie
header from subdomains.I noticed this while trying to set up a Google Tagging Server with Partytown. See: #501
Tagging Server are usually set up as a subdomain and need to set cookies through the
Set-Cookie
header.Reproduction
https://www.partydawn.top/
Steps to reproduce
See https://www.partydawn.top/
I don't think you can reproduce this locally due to the restrictions of cross-site cookies and the inability to set up localhost subdomains. I've set up the test site above that uses a tagging server under a subdomain and checks against cookies set by different methods.
Using the Tagging Server with Partytown leads to missing cookies (Google Tag Manager uses XHR for compatibility reasons, like most tracking scripts).
I've implemented two workarounds:
Using a shim that implements the original
XMLHttpRequest
API, but uses fetch under the hood. And introducing a new config for Partytown that enableswithCredentials
for XHR requests inside the Web Worker.Both set cookies through the
Set-Cookie
header correctly.Browser Info
Chrome 121.0.6167.185
Additional Information
No response
The text was updated successfully, but these errors were encountered: