fix(AjaxObservable): support withCredentials for CORS request

- AjaxRequest now support setting withCredentials flag closes ReactiveX#1732, ReactiveX#1711
kwonoj · Jun 9, 2016 · 58ee4ce · 58ee4ce
1 parent 01df713
commit 58ee4ce
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 13 deletions.
diff --git a/spec/helpers/ajax-helper.ts b/spec/helpers/ajax-helper.ts
@@ -133,6 +133,7 @@ export class MockXMLHttpRequest {
   method: any;
   data: any;
   requestHeaders: any = {};
+  withCredentials: boolean = false;
 
   constructor() {
     this.previousRequest = MockXMLHttpRequest.recentRequest;

diff --git a/spec/observables/dom/ajax-spec.ts b/spec/observables/dom/ajax-spec.ts
@@ -24,6 +24,28 @@ describe('Observable.ajax', () => {
     root.XMLHttpRequest = rXHR;
   });
 
+  it('should create default XMLHttpRequest for non CORS', () => {
+    const obj: Rx.AjaxRequest = {
+      url: '/',
+      method: ''
+    };
+
+    Rx.Observable.ajax(obj).subscribe();
+    expect(MockXMLHttpRequest.mostRecent.withCredentials).to.be.false;
+  });
+
+  it('should create XMLHttpRequest for CORS', () => {
+    const obj: Rx.AjaxRequest = {
+      url: '/',
+      method: '',
+      crossDomain: true,
+      withCredentials: true
+    };
+
+    Rx.Observable.ajax(obj).subscribe();
+    expect(MockXMLHttpRequest.mostRecent.withCredentials).to.be.true;
+  });
+
   it('should set headers', () => {
     const obj: Rx.AjaxRequest = {
       url: '/talk-to-me-goose',

diff --git a/src/observable/dom/AjaxObservable.ts b/src/observable/dom/AjaxObservable.ts
@@ -16,25 +16,48 @@ export interface AjaxRequest {
   password?: string;
   hasContent?: boolean;
   crossDomain?: boolean;
+  withCredentials?: boolean;
   createXHR?: () => XMLHttpRequest;
   progressSubscriber?: Subscriber<any>;
   resultSelector?: <T>(response: AjaxResponse) => T;
   responseType?: string;
 }
 
-function createXHRDefault(): XMLHttpRequest {
-  let xhr = new root.XMLHttpRequest();
-  if (this.crossDomain) {
+function getCORSRequest(): XMLHttpRequest {
+  if (root.XMLHttpRequest) {
+    const xhr = new root.XMLHttpRequest();
     if ('withCredentials' in xhr) {
-      xhr.withCredentials = true;
-      return xhr;
-    } else if (!!root.XDomainRequest) {
-      return new root.XDomainRequest();
-    } else {
-      throw new Error('CORS is not supported by your browser');
+      xhr.withCredentials = !!this.withCredentials;
     }
-  } else {
     return xhr;
+  } else if (!!root.XDomainRequest) {
+    return new root.XDomainRequest();
+  } else {
+    throw new Error('CORS is not supported by your browser');
+  }
+}
+
+function getXMLHttpRequest(): XMLHttpRequest {
+  if (root.XMLHttpRequest) {
+    return new root.XMLHttpRequest();
+  } else {
+    let progId: string;
+    try {
+      const progIds = ['Msxml2.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.4.0'];
+      for (let i = 0; i < 3; i++) {
+        try {
+          progId = progIds[i];
+          if (new root.ActiveXObject(progId)) {
+            break;
+          }
+        } catch (e) {
+          //suppress exceptions
+        }
+      }
+      return new root.ActiveXObject(progId);
+    } catch (e) {
+      throw new Error('XMLHttpRequest is not supported by your browser');
+    }
   }
 }
 
@@ -104,8 +127,6 @@ export class AjaxObservable<T> extends Observable<T> {
    * @name ajax
    * @owner Observable
   */
-  static _create_stub(): void { return null; }
-
   static create: AjaxCreationMethod = (() => {
     const create: any = (urlOrRequest: string | AjaxRequest) => {
       return new AjaxObservable(urlOrRequest);
@@ -127,8 +148,11 @@ export class AjaxObservable<T> extends Observable<T> {
 
     const request: AjaxRequest = {
       async: true,
-      createXHR: createXHRDefault,
+      createXHR: function() {
+        return this.crossDomain ? getCORSRequest.call(this) : getXMLHttpRequest();
+      },
       crossDomain: false,
+      withCredentials: false,
       headers: {},
       method: 'GET',
       responseType: 'json',