javascript - Is there a way to not send cookies when making an XMLHttpRequest on the same origin?

Question

I'm working on an extension that parses the gmail rss feed for users. I allow the users to specify username/passwords if they don't want to stay signed-in. But this breaks for multiple sign-in if the user is signed-in and the username/password provided is for a different account. So I want to avoid sending any cookies but still be able to send the username/password in the send() call.

Answer 1

As of Chrome 42, the fetch API allows Chrome extensions (and web applications in general) to perform cookie-less requests. HTML5 Rocks offers an introductory tutorial on using the fetch API.

Advanced documentation on fetch is quite sparse at the moment, but the API interface from the specification is a great starting point. The fetch algorithm described below the interface shows that requests generated by fetch have no credentials by default!

fetch('http://example.com/').then(function(response) {
    return response.text(); // <-- Promise<String>
}).then(function(responseText) {
    alert('Response body without cookies:
' + responseText);
}).catch(function(error) {
    alert('Unexpected error: ' + error);
});

If you want truly anonymous requests, you could also disable the cache:

fetch('http://example.com/', {
    // credentials: 'omit', // this is the default value
    cache: 'no-store',
}).then(function(response) {
    // TODO: Handle the response.
    // https://fetch.spec.whatwg.org/#response-class
    // https://fetch.spec.whatwg.org/#body
});