LibWeb: Implement XMLHttpRequest.withCredentials

Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp

@@ -624,6 +624,32 @@ WebIDL::ExceptionOr<void> XMLHttpRequest::set_timeout(u32 timeout)
 // https://xhr.spec.whatwg.org/#dom-xmlhttprequest-timeout
 u32 XMLHttpRequest::timeout() const { return m_timeout; }
 
+// https://xhr.spec.whatwg.org/#dom-xmlhttprequest-withcredentials
+bool XMLHttpRequest::with_credentials() const
+{
+    // The withCredentials getter steps are to return this’s cross-origin credentials.
+    return m_cross_origin_credentials;
+}
+
+// https://xhr.spec.whatwg.org/#dom-xmlhttprequest-withcredentials
+WebIDL::ExceptionOr<void> XMLHttpRequest::set_with_credentials(bool with_credentials)
+{
+    auto& realm = this->realm();
+
+    // 1. If this’s state is not unsent or opened, then throw an "InvalidStateError" DOMException.
+    if (m_state != State::Unsent && m_state != State::Opened)
+        return WebIDL::InvalidStateError::create(realm, "XHR readyState is not UNSENT or OPENED");
+
+    // 2. If this’s send() flag is set, then throw an "InvalidStateError" DOMException.
+    if (m_send)
+        return WebIDL::InvalidStateError::create(realm, "XHR send() flag is already set");
+
+    // 3. Set this’s cross-origin credentials to the given value.
+    m_cross_origin_credentials = with_credentials;
+
+    return {};
+}
+
 // https://xhr.spec.whatwg.org/#garbage-collection
 bool XMLHttpRequest::must_survive_garbage_collection() const
 {

Userland/Libraries/LibWeb/XHR/XMLHttpRequest.h

@@ -63,8 +63,11 @@ public:
 
     WebIDL::ExceptionOr<void> override_mime_type(String const& mime);
 
-    WebIDL::ExceptionOr<void> set_timeout(u32 timeout);
     u32 timeout() const;
+    WebIDL::ExceptionOr<void> set_timeout(u32 timeout);
+
+    bool with_credentials() const;
+    WebIDL::ExceptionOr<void> set_with_credentials(bool);
 
     void abort();
 
@@ -103,7 +106,10 @@ private:
     //     An unsigned integer, initially 0.
     u32 m_timeout { 0 };
 
-    // FIXME: https://xhr.spec.whatwg.org/#cross-origin-credentials
+    // https://xhr.spec.whatwg.org/#cross-origin-credentials
+    // cross-origin credentials
+    //     A boolean, initially false.
+    bool m_cross_origin_credentials { false };
 
     // https://xhr.spec.whatwg.org/#request-method
     // request method

Userland/Libraries/LibWeb/XHR/XMLHttpRequest.idl

@@ -30,6 +30,7 @@ interface XMLHttpRequest : XMLHttpRequestEventTarget {
     readonly attribute any response;
     attribute XMLHttpRequestResponseType responseType;
     attribute unsigned long timeout;
+    attribute boolean withCredentials;
 
     undefined open(DOMString method, DOMString url);
     undefined open(ByteString method, USVString url, boolean async, optional USVString? username = {}, optional USVString? password = {});