withCredentials cannot be set to false

2 posts, 1 answers
  1. Daniel
    Daniel avatar
    11 posts
    Member since:
    Mar 2012

    Posted 24 Jun 2014 Link to this post


    When uploading files, we have the need to set the withCredentials to false on the XmlHttpRequest. My upload event implementation is as follows:

    upload: function (e) {
        var xhr = e.XMLHttpRequest;
        if (xhr) {
            xhr.addEventListener('readystatechange', function (event) {
                if (xhr.readyState == 1) {
                        xhr.withCredentials = false;
                        xhr.setRequestHeader("Authorization", "Bearer " + token);
                        xhr.crossDomain = true;

    The problem is that the code inside of kendo.all.js for postFormData() overrides the withCredentials value with a "true" after the xhr open event is fired. Thus overriding any setting to the string value of "true", prior to sending.

    The code in kendo.all.js is as follows:

    xhr.open("POST", url, true);
    xhr.withCredentials = "true";

    A fix for the issue would be to set the withCredentials value prior to opening the xhr as follows:

    xhr.withCredentials = true;
    xhr.open("POST", url, true);

    Please let me know if I am doing something wrong, or if there any plans to change this.
  2. Answer
    Vladimir Iliev
    Vladimir Iliev avatar
    2203 posts

    Posted 27 Jun 2014 Link to this post

    Hi Daniel,

    Please note that this option is already configurable from the KendoUI Q2 Beta release (official release is expected in mid July) - please check the change log below:


    • Add withCredentials setting for async uploads. Default is true.

    Vladimir Iliev
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
Back to Top