[lib] Remove withCredentials on upload blob call
Summary:
Fix for ENG-5669
During request for blob upload we set withCredentials to true. This tells browser that it should include credentials (cookies, HTTP authentication headers) when making requests for both same-origin and cross-origin requests. But for cross-origin requests, the server also needs to respond with a correct CORS header. We have two options for fixing this:
- Add the required CORS header. This is basically adding credentials: true to the cors config in keyserver/keyserver.js
- Remove the withCredentials line. After my recent cookie changes, we stopped using browser cookies on web, and instead pass them inside the formdata like on native. This means that we don't need to include credentials (in this case meaning browser cookies) with this request.
Both of these changes worked, this diff implements the (2) option as it simplifies the code.
Test Plan:
Follow instructions in D9396 so the web app is hosted on different origin then the keyserver (so we can test CORS issues).
Check that without this diff the request fails with the same error as in ENG-5669
Check that with this diff the request succeeds.
Also checked that native (checked on iOS emulator) can still send images.
Reviewers: ashoat, tomek
Reviewed By: ashoat
Subscribers: wyilio
Differential Revision: https://phab.comm.dev/D9722