Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[🐞] Web Worker Does Not Allow withCredentials for XHR Requests #556

Closed
j0Shi82 opened this issue Feb 19, 2024 · 0 comments · Fixed by #557
Closed

[🐞] Web Worker Does Not Allow withCredentials for XHR Requests #556

j0Shi82 opened this issue Feb 19, 2024 · 0 comments · Fixed by #557
Labels
bug Something isn't working

Comments

@j0Shi82
Copy link
Contributor

j0Shi82 commented Feb 19, 2024

Describe the bug

When using XHR requests in a script within the Web Worker, the withCredentials parameter is ignored.

https://github.com/BuilderIO/partytown/blob/1d2efe0694c2712d69a2d9b6a60a78050fb3fe81/src/lib/web-worker/worker-window.ts#L590

I'm not sure what the initial motivation was to disallow withCredentials on XHR requests, but it effectively makes it impossible to set cookies using the Set-Cookie header from subdomains.

I noticed this while trying to set up a Google Tagging Server with Partytown. See: #501

Tagging Server are usually set up as a subdomain and need to set cookies through the Set-Cookie header.

Reproduction

https://www.partydawn.top/

Steps to reproduce

See https://www.partydawn.top/

I don't think you can reproduce this locally due to the restrictions of cross-site cookies and the inability to set up localhost subdomains. I've set up the test site above that uses a tagging server under a subdomain and checks against cookies set by different methods.

Using the Tagging Server with Partytown leads to missing cookies (Google Tag Manager uses XHR for compatibility reasons, like most tracking scripts).

I've implemented two workarounds:

Using a shim that implements the original XMLHttpRequest API, but uses fetch under the hood. And introducing a new config for Partytown that enables withCredentials for XHR requests inside the Web Worker.

Both set cookies through the Set-Cookie header correctly.

Browser Info

Chrome 121.0.6167.185

Additional Information

No response

@j0Shi82 j0Shi82 added the bug Something isn't working label Feb 19, 2024
@gioboa gioboa linked a pull request Feb 24, 2024 that will close this issue
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant