javascript - How to disable 'withcredentials' in HTTP header with node.js and Request package? -

javascript - How to disable 'withcredentials' in HTTP header with node.js and Request package? -

using node.js , request bundle browser (via browserify), using cors http request on separate domain.

on server, when set 'access-control-allow-origin' wildcard '*', next error on client:

xmlhttprequest cannot load .... wildcard '*' cannot used in 'access-control-allow-origin' header when credentials flag true. origin '...' hence not allowed access.

the http request header looks this:

accept:*/* accept-encoding:gzip,deflate,sdch accept-language:en-us,en;q=0.8,ja;q=0.6 access-control-request-headers:withcredentials access-control-request-method:get cache-control:no-cache connection:keep-alive host:localhost:3000 origin:http://localhost:9966 pragma:no-cache referer:http://localhost:9966/ user-agent:mozilla/5.0 (macintosh; intel mac os x 10_9_3) applewebkit/537.36 (khtml, gecko) chrome/35.0.1916.153 safari/537.36

so problem access-control-request-headers:withcredentials in header, right?

to able remove this, need set 'withcredentials' property of 'xmlhttprequest' object 'false'. however, cannot figure out node.js or request bundle creating 'xmlhttprequest' object, , how can access this.

thanks.

after investigation, discovered withcredentials setting can passed in via options parameter object:

var req = http.request({ withcredentials: false }, function(res) { //... }); req.end();

if undefined, default setting true.

reference http-browserify/lib/request.js source:

if (typeof params.withcredentials === 'undefined') { params.withcredentials = true; } seek { xhr.withcredentials = params.withcredentials } grab (e) {}

javascript node.js http xmlhttprequest request