How to disable 'withcredentials' in HTTP header with node.js and Request package?

http://stackoverflow.com/questions/24433099/how-to-disable-withcredentials-in-http-header-with-node-js-and-request-package

Question:

Using node.js and the Request package from the browser (via browserify), I am using CORS to do a HTTP GET request on a separate domain.

On the server, when I set 'Access-Control-Allow-Origin' to the wildcard '*', I get the following error on the client:

XMLHttpRequest cannot load .... A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin '...' is therefore not allowed access.

The HTTP request header looks like this:

Accept:*/*Accept-Encoding:gzip,deflate,sdchAccept-Language:en-US,en;q=0.8,ja;q=0.6Access-Control-Request-Headers:withcredentialsAccess-Control-Request-Method:GETCache-Control:no-cacheConnection:keep-aliveHost:localhost:3000Origin:http://localhost:9966Pragma:no-cacheReferer:http://localhost:9966/User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

So clearly the problem is Access-Control-Request-Headers:withcredentials in the header, right?

To be able to remove this, I need to set the 'withcredentials' property of the 'XMLHttpRequest' object to 'false'. However, I cannot figure out where node.js or the Request package are creating the 'XMLHttpRequest' object, and how I can even access this.

Thanks.

Answer: 

After some investigation, I discovered that the withCredentials setting can be passed in via the options parameter object:

var req = http.request({    withCredentials: false}, function(res) {    //...});req.end();

If undefined, the default setting is true.

Reference from the http-browserify/lib/request.js source:

if (typeof params.withCredentials === 'undefined') {    params.withCredentials = true;}try { xhr.withCredentials = params.withCredentials }catch (e) {}

http://stackoverflow.com/a/24443043/2177408