[XMLHttpRequest] Making HTTP requests to redirects.

[3rd-Eden]

I'm in the process of implementing an login against an oauth based third-party server. As part of the login procedure I need to make an HTTP requests to an endpoint that returns a 302 status code with new Location header and vital session cookies that I need to intercept. Unfortunately the XMLHTTPRequest and the fetch API will automatically follow these redirect so there is no way of accessing or intercepting the required HTTP headers that contain authorization information.

So what I would like to suggest is:

• Add a non standard nofollow = true property to these API's so we as users can handle the redirect logic our selfs.
• Provide a much lower level HTTP interface much like Node's http module so we can build our own requests modules and use the modules such as request from npm.
• Provide a tcp interface so we can add HTTP parsing and WebSocket frame parsing on top of it.

[nicklockwood]

Of these, I find option 2 (polyfill the node http module) most appealing. Specifically the http.request() and http.get() methods.

Do you feel like trying to build it? :-)

http://nodejs.org/docs/v0.4.11/api/http.html#http.request

[vjeux]

You are right, XHR won't let you handle redirects yourself by design :( http://stackoverflow.com/questions/228225/prevent-redirection-of-xmlhttprequest

[3rd-Eden]

@nicklockwood A polyfill had my preference as well but I can see potential problems with it now that the package/module system follows the browser field in the package.json as it would mean that modules such as superagent would still use their browser equivalent and fallback to XHR instead of the http module.

I've been looking on implementing this all in Objective-C and possibility using the AFNetworking library to hide Objective-C's bad parts but so far, my knowledge has been lacking and I haven't made any fruitful process. :p

[nicklockwood]

@vjeux sadly my knowledge of node conventions is lacking. If I were to provide a polyfill for Node's http module, would there be a practical way to switch React Native into "server mode" so that modules would use that instead of our XHR polyfill, or am I barking up the wrong tree?

[vjeux]

@3rd-Eden do you know if you are able to login to your 3rd party via web? If yes (which seems likely) then there must be another way to do it right? Before going down the rabbit hole of making nofollow working, I wonder if there's an easier way

[3rd-Eden]

@vjeux I absolutely wished that there is a way around this insanity. The hacks that I have to use in order to consume this API are almost impossible to describe with words but here's what I'm up to. I'm building an application that interacts with the platform API of Bungie.net. You can login to bungie with either your XBox or PlayStation accounts. When you login using oAuth you get redirected and on the redirect landing page, bungie is setting cookies that are required to access parts of their "private" API. Without this information you cannot modify your account etc. So I need access to all cookies, not those can be retrieved using document.cookie in browsers but also the HTTP only cookies as these are the cookies that control if have access or not. So the main problem here is that the API does not provide a way to simply login and nor do they have plans of implementing this. There are basically 2 options that I have in order to get the information required:

• Some how get access to all cookies that are set inside of the web browser or webview of the device. Something like chrome.cookies.getAll method would be amazing: https://developer.chrome.com/extensions/cookies as that would just allow me to get all cookies for domain .bungie.net and use that send authentication information on my outgoing requests.
• Make HTTP requests to the PSN/XBox Oauth URI's and intercept HTTP headers as seen in this Python gist; https://gist.github.com/ascendancyy/702db99b626d52d69359

[vjeux]

Yeah this seems crazy indeed. My recommendation to you would be to write all the code that does the request, extracts the cookie, ... in obj-c via iOS networking stack and then expose a single method for js: login(cb).

http://facebook.github.io/react-native/docs/nativemodulesios.html#content

This is going to solve your particular issue. If this becomes a common pain point for people, then we can figure out a more elegant solution

Thank you for reporting this issue and appreciate your patience. We've notified the core team for an update on this issue. We're looking for a response within the next 30 days or the issue may be closed.

[mkonicek]

Hi there! This issue is being closed because it has been inactive for a while.

But don't worry, it will live on with ProductPains! Check out its new home: https://productpains.com/post/react-native/xmlhttprequest-making-http-requests-to-redirects

ProductPains helps the community prioritize the most important issues thanks to its voting feature.
It is easy to use - just login with GitHub.

Also, if this issue is a bug, please consider sending a PR with a fix. We rely on the community to provide
bugfixes as the core team is focused on performance.

[GetSource1234]

I spotted the same issue (RN 0.48.1). Redirect occurs automatically witin fetch request. redirect: 'manual', doesn't help.

[3rd-Eden]

Yes the issue is not fixed, it just get automatically closed for some odd reason even though it's valid report.