Sending credentials with cross-domain posts

Question

According to Requests with credentials  Firefox will only send credentials along with cross-domain posts if   invocation withCredentials    true     is set    But it doesn t seem like jQuery s Ajax API provides any mechanism for this   Is there something I ve missed  Is there some other way I can do it

User · Accepted Answer

Functionality is supposed to be broken in jQuery 1.5.

Since jQuery 1.5.1 you should use xhrFields param.

$.ajaxSetup({
    type: "POST",
    data: {},
    dataType: 'json',
    xhrFields: {
       withCredentials: true
    },
    crossDomain: true
});

Docs: http://api.jquery.com/jQuery.ajax/

Reported bug: http://bugs.jquery.com/ticket/8146

User · Answer

In jQuery 3 and perhaps earlier versions  the following simpler config also works for individual requests     ajax           https   foo bar com                        dataType   json               xhrFields                    withCredentials  true                            success  successFunc                    The full error I was getting in Firefox Dev Tools -  Network tab  in the Security tab for an individual request  was      An error occurred during a connection to foo bar com SSL peer was   unable to negotiate an acceptable set of security parameters Error   code  SSL ERROR HANDSHAKE FAILURE ALERT

User · Answer

You can use the beforeSend callback to set additional parameters  The XMLHTTPRequest object is passed to it as its only parameter     Just so you know  this type of cross-domain request will not work in a normal site scenario and not with any other browser  I don t even know what security limitations FF 3 5 imposes as well  just so you don t beat your head against the wall for nothing     ajax       url   http   bar other       data    whatever  cool         type   GET       beforeSend  function xhr          xhr withCredentials   true              One more thing to beware of  is that jQuery is setup to normalize browser differences  You may find that further limitations are imposed by the jQuery library that prohibit this type of functionality

[javascript] Sending credentials with cross-domain posts?

Examples related to javascript

Examples related to jquery

Examples related to cross-domain