React-native: fetch API on Android doesn't respect credentials: omit

Created on 15 Mar 2017 · 10 Comments · Source: facebook/react-native

Description

If Android's native networking library detects valid cookies for a particular network request it will always tack those cookies onto the request, even if credentials: "omit" is passed to the fetch API.

This problem has been reported multiple times in #1274, which is a related issue that has been closed. I wanted to create a new issue to track it.

This problem makes it very difficult to fully encapsulate cookie logic within JavaScript, and necessitates interacting directly with native cookie storage with something like react-native-cookies. This is unfortunate, as there is no particular reason that cookies ought to be handled natively, and outside of this problem it is possible to handle cookies entirely in JavaScript.

Reproduction

  1. First, get a cookie set on the client by hitting a server endpoint that returns a Set-Cookie header.
  2. On Android,

     await fetch(url, {
       credentials: 'omit',
       // ...
     });

  3. Add some logging code on the server to see if a Cookie header is set by the client. Confirm that this is happening.

Solution

React Native on Android should respect the credentials: 'omit' option.

Additional Information

  • React Native version: 42
  • Platform: Android only
  • Operating System: macOS
All 10 comments

as far as I can tell this is an issue on iOS as well

I am facing the same issue. Using credentials: 'omit' on Android fetch does not work.

For anyone looking for a workaround: since I didn't need cookies at all, I just cleared cookies before each request using https://github.com/joeferraro/react-native-cookies

There is a commit that is supposed to have solved this issue, but it is not working for me. Any idea?
https://github.com/github/fetch/commit/c389ccd8321a20bf6e713e10e82503a896de1f14

Hi there! This issue is being closed because it has been inactive for a while. Maybe the issue has been fixed in a recent release, or perhaps it is not affecting a lot of people. Either way, we're automatically closing issues after a period of inactivity. Please do not take it personally!

If you think this issue should definitely remain open, please let us know. The following information is helpful when it comes to determining if the issue should be re-opened:

  • Does the issue still reproduce on the latest release candidate? Post a comment with the version you tested.
  • If so, is there any information missing from the bug report? Post a comment with all the information required by the issue template.
  • Is there a pull request that addresses this issue? Post a comment with the PR number so we can follow up.

If you would like to work on a patch to fix the issue, contributions are very welcome! Read through the contribution guide, and feel free to hop into #react-native if you need help planning your contribution.

Just ran into this exact issue. Currently using https://www.npmjs.com/package/react-native-cookie as a workaround; simply clearing the cookies before each request.

Spotted the same issue, would be great to have a proper fix.

If you are using Expo, you can't run react-native link to use react-native-cookie.
But you can clear cookies this way:

var RCTNetworking = require('RCTNetworking')
function clearCookies () {
  RCTNetworking.clearCookies((cleared) => {
    console.log('Cookies cleared, had cookies=' + cleared.toString())
  })
}

Maybe it will help someone.
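
Added example (not part of the thread and not React Native's own code): the clear-before-request workaround from the comments above, wrapped so that cookies are cleared only for `credentials: 'omit'` calls. `makeOmitAwareFetch`, `makeFakeNative`, the URL and the sample cookie are hypothetical or constructed; the fake native layer only imitates the behaviour the issue describes so the block runs under plain Node.

```javascript
// Added example: names below are hypothetical, not React Native APIs.
// fetchImpl / clearCookies are injected; in an app they would be the global
// fetch and a Promise wrapper around RCTNetworking.clearCookies (the call
// shown in the comment above).
function makeOmitAwareFetch(fetchImpl, clearCookies) {
  // One wrapped request at a time, so another wrapped request's Set-Cookie
  // cannot land between this call's clear and its send.
  let queue = Promise.resolve();
  return function omitAwareFetch(url, init = {}) {
    const run = async () => {
      if (init.credentials === 'omit') {
        await clearCookies(); // empty the native jar before the request leaves
      }
      return fetchImpl(url, init);
    };
    const result = queue.then(run);
    queue = result.catch(() => {}); // a failed request must not block the queue
    return result;
  };
}

// Constructed stand-in for the behaviour the issue reports: stored cookies are
// attached to every request and `credentials` is ignored.
function makeFakeNative() {
  const jar = new Map([['session', 'abc123']]); // constructed sample cookie
  return {
    fetch: async (url, init = {}) => ({
      url,
      sentCookie: [...jar].map(([k, v]) => `${k}=${v}`).join('; '),
    }),
    clearCookies: async () => {
      const had = jar.size > 0;
      jar.clear();
      return had;
    },
  };
}

async function demo() {
  const native = makeFakeNative();
  const url = 'https://example.test/api'; // placeholder URL
  const raw = await native.fetch(url, { credentials: 'omit' });
  const safeFetch = makeOmitAwareFetch(native.fetch, native.clearCookies);
  const wrapped = await safeFetch(url, { credentials: 'omit' });
  return { raw: raw.sentCookie, wrapped: wrapped.sentCookie };
}

demo().then((r) => console.log(r));
```

Clearing is global: after an `omit` call the jar is empty for every later request, including ones sent with `credentials: 'include'`.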

After upgrading to the latest RN version, I've faced a similar issue regarding authentication cookies. Authentication worked fine on first login, but failed after reloading the iOS simulator. My guess is that RN fetch reuses an old cookie after reload? However, clearing cookies before performing initial login fixes the issue. Solution from @2DKot works for me. Thanks for that! 👍

It would be great to have more debug information at hand in DevTools network panel. Both cookies and 302 redirects are really hard to track compared to browser web apps. You can just guess what's going on or use external tools. In my case Login was successful and sends 302 to another page which then redirects to login endpoint again because of wrong cookie sent. 💩

Would be great if it worked as in the specification.
