fix(eventsource): set credentials to "include" when withCredentials is true

[AliMahmoudDev]

This relates to...

Fixes #5378

Also fixes #5380 (docs: Cookie sameSite type typo)

Rationale

When withCredentials: true is passed to the EventSource constructor, the underlying fetch request should set credentials to "include" per the WHATWG EventSource spec.

Currently, the ternary on line 168 evaluates to "omit" when corsAttributeState is USE_CREDENTIALS, because the condition checks for "anonymous" and falls through to the else branch.

Changes

Bug Fixes

• Changed "omit" to "include" in the credentials ternary in EventSource constructor
• Fixed Cookie sameSite type in docs from "String" to "Strict"

Testing

Verified that withCredentials: true now correctly sets credentials to "include" in the request options.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.25%. Comparing base (8464ab7) to head (c071623).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #5379   +/-   ##
=======================================
  Coverage   93.25%   93.25%           
=======================================
  Files         110      110           
  Lines       36752    36752           
=======================================
  Hits        34274    34274           
  Misses       2478     2478           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.