I've noticed that certain browsers do not seem to support withCredentials in CORS requests, at least under some conditions. Specifically, in IE 10, attempting to set xhr.withCredentials = true
results in:
SCRIPT5022: InvalidStateError
and in Safari 5 (but not 6) I get
INVALID_STATE_ERR: DOM Exception 11: An attempt was made to use an object that is not, or is no longer, usable.
again, in response to the same statement.
Are these known problems, or am I setting up my XHR wrong somehow? Is there a list of which browsers support withCredentials
?
The August 16, 2011 XHR draft specifies a rule for setting withCredentials
:
When set: throws an
INVALID_STATE_ERR
exception if the state is not OPENED or if thesend()
flag is true.
However, the January 17, 2012 draft is more permissive:
When set: throws an
InvalidStateError
exception if the state is not UNSENT or OPENED, or if thesend()
flag is set.
You are probably setting withCredentials
before calling .open
, which is disallowed by the 2011 spec but allowed by the 2012 spec. To comply with both, simply move your property assignment after your call to .open
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With