
CORS request - why are the cookies not sent?

I have a cross-domain AJAX GET which gets pre-flighted successfully, but the cookies don't get attached to the GET request. When the user clicks a log in button, a POST is made to log the user in, which works correctly cross domain. The JavaScript is:

        $.ajax(signin_url, {
            type: "POST",
            contentType: "application/json; charset=utf-8",
            data: JSON.stringify(credentials),
            success: function(data, status, xhr) {
                signInSuccess();
            },
            error: function(xhr, status, error) {
                signInFailure();
            },
            beforeSend: function(xhr) {
                xhr.withCredentials = true
            }
        });

The response headers include a cookie:

        Set-Cookie:user_token=snippysnipsnip; path=/; expires=Wed, 14-Jan-2032 16:16:49 GMT

If sign-in succeeds, a JavaScript GET request is made to get the current user's details:

        function signInSuccess() {
            $.ajax(current_user_url, {
                type: "GET",
                contentType: "application/json; charset=utf-8",
                success: function(data, status, xhr) {
                    displayWelcomeMessage();
                },
                beforeSend: function(xhr) {
                    xhr.withCredentials = true;
                }
            });
        }

The CORS-related headers returned from Chrome's OPTIONS request are:

        Access-Control-Allow-Credentials:true
        Access-Control-Allow-Headers:X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
        Access-Control-Allow-Methods:POST, GET, OPTIONS
        Access-Control-Allow-Origin:http://192.168.0.5
        Access-Control-Max-Age:1728000

However, no cookies are sent on the GET request.

jim_vx asked Jan 14 '12 16:01



1 Answer

The issue was with the jQuery calls - it seems since 1.5 withCredentials should be specified as:

        $.ajax("http://localhost:3000/users/current", {
            type: "GET",
            contentType: "application/json; charset=utf-8",
            success: function(data, status, xhr) {
                hideAllContent();
                $("#sign_out_menu_item").show();
                $("#sign_in_menu_item").hide();
                $("#welcome").text("Welcome " + data["username"] + "!");
                $("#welcome").show();
            },
            xhrFields: {
                withCredentials: true
            },
            crossDomain: true
        });

jim_vx answered Oct 20 '22 02:10
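
Once `withCredentials` is set through `xhrFields`, the server's responses still have to satisfy the browser's rules for credentialed CORS. The check below is an added example, not code from the question or answer; the function name is hypothetical, and it goes beyond the thread by also checking the cookie's `SameSite` attribute, on the assumption of a Chromium-based browser, a behaviour that postdates the question.

```javascript
// Added example, not code from the thread. Function name is hypothetical.
function credentialedCorsProblems(pageOrigin, responseHeaders, setCookie) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const problems = [];

  // With withCredentials = true the browser requires the exact origin, never "*".
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    problems.push("Access-Control-Allow-Origin is missing");
  } else if (allowOrigin === "*") {
    problems.push("Access-Control-Allow-Origin is '*', rejected with credentials");
  } else if (allowOrigin !== pageOrigin) {
    problems.push("Access-Control-Allow-Origin does not match " + pageOrigin);
  }

  // The value must be the literal, case-sensitive string "true".
  if (h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials is not 'true'");
  }

  // Assumption: Chromium-based browser, where a cookie without SameSite is
  // treated as Lax (kept off cross-site XHR) and SameSite=None requires Secure.
  if (setCookie) {
    const attrs = setCookie.split(";").slice(1).map((a) => a.trim().toLowerCase());
    const sameSite = attrs.find((a) => a.startsWith("samesite="));
    if (sameSite !== "samesite=none") {
      problems.push("cookie is not SameSite=None");
    } else if (!attrs.includes("secure")) {
      problems.push("SameSite=None cookie lacks Secure");
    }
  }
  return problems;
}

// Headers and cookie as quoted in the question.
const questionHeaders = {
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Origin": "http://192.168.0.5",
};
const questionCookie =
  "user_token=snippysnipsnip; path=/; expires=Wed, 14-Jan-2032 16:16:49 GMT";
console.log(credentialedCorsProblems("http://192.168.0.5", questionHeaders, questionCookie));
```

The same two CORS headers must appear on the actual GET and POST responses, not only on the OPTIONS preflight.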