From 9a0bce23454cdd5beefd9d4c599664003573e581 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mislav=20Marohni=C4=87?= Date: Thu, 31 Oct 2019 21:02:25 +0100 Subject: [PATCH 1/2] Document more caveats People are getting tripped up on these being unavailable in the polyfill. --- README.md | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 06cbd90a..66c87498 100644 --- a/README.md +++ b/README.md @@ -188,6 +188,10 @@ fetch('/avatars', { cookies, always supply the `credentials: 'same-origin'` option instead of relying on the default. See [Sending cookies](#sending-cookies). +* Not all Fetch standard options are supported in this polyfill. For instance, + [`redirect`](#redirect-modes) and + [`cache`](https://github.github.io/fetch/#caveats) directives are ignored. + #### Handling HTTP error statuses To have `fetch` Promise reject on HTTP error statuses, i.e. on any non-2xx @@ -229,15 +233,6 @@ fetch('https://example.com:1234/users', { }) ``` -To disable sending or receiving cookies for requests to any domain, including -the current one, use the "omit" value: - -```javascript -fetch('/users', { - credentials: 'omit' -}) -``` - The default value for `credentials` is "same-origin". The default for `credentials` wasn't always the same, though. The following @@ -258,6 +253,12 @@ fetch('/users', { }) ``` +Note: due to [limitations of +XMLHttpRequest](https://github.com/github/fetch/pull/56#issuecomment-68835992), +using `credentials: 'omit'` is not respected for same domains in browsers where +this polyfill is active. Cookies will always be sent to same domains in older +browsers. + #### Receiving cookies As with XMLHttpRequest, the `Set-Cookie` response header returned from the @@ -266,6 +267,15 @@ read with `response.headers.get()`. Instead, it's the browser's responsibility to handle new cookies being set (if applicable to the current URL). Unless they are HTTP-only, new cookies will be available through `document.cookie`. +#### Redirect modes + +The Fetch specification defines these values for [the `redirect` +option](https://fetch.spec.whatwg.org/#concept-request-redirect-mode): "follow" +(the default), "error", and "manual". + +Due to limitations of XMLHttpRequest, only the "follow" mode is available in +browsers where this polyfill is active. + #### Obtaining the Response URL Due to limitations of XMLHttpRequest, the `response.url` value might not be @@ -283,6 +293,8 @@ response.headers['X-Request-URL'] = request.url This server workaround is necessary if you need reliable `response.url` in Firefox < 32, Chrome < 37, Safari, or IE. +#### Controlling redirects + #### Aborting requests This polyfill supports From 1364c85717b277356dfa5f27ce82fc1997bf8796 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mislav=20Marohni=C4=87?= Date: Thu, 31 Oct 2019 21:05:26 +0100 Subject: [PATCH 2/2] Fix ToC --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 66c87498..066e9092 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ replacement for most uses of XMLHttpRequest in traditional web applications. * [Handling HTTP error statuses](#handling-http-error-statuses) * [Sending cookies](#sending-cookies) * [Receiving cookies](#receiving-cookies) + * [Redirect modes](#redirect-modes) * [Obtaining the Response URL](#obtaining-the-response-url) * [Aborting requests](#aborting-requests) * [Browser Support](#browser-support) @@ -293,8 +294,6 @@ response.headers['X-Request-URL'] = request.url This server workaround is necessary if you need reliable `response.url` in Firefox < 32, Chrome < 37, Safari, or IE. -#### Controlling redirects - #### Aborting requests This polyfill supports