I have a JS client (app.domain.com) that connects to an API written in rails and grape (api.domain.com). CORS is set up and I have a shared cookie between the two domains as the log in is performed on the api.domain.com server.
This JS application is using Spine.js so everything is written in CoffeeScript. So to send a delete request I just use:
@item.destroy
This will send a DELETE request to the API. However the cookie is not sent along with the request header so I had to change the above line of code to this one:
$.ajax({
url: "http://api.domain.com/tasks/" + @item.id,
type: "DELETE",
crossDomain: true,
xhrFields: {
withCredentials: true
}
})
And this works perfectly. It will send a response header "Access-Control-Allow-Credentials: true" along the request so the cookie is submitted and the action is authenticated.
However, this way I will have to write lines of code for each request which is really time consuming and also voids the benefits of the Spine framework.
I know that it's possible to set default ajax settings in jQuery so that every subsequent ajax call will be using these settings. So I've tried:
jQuery.ajaxSetup({
headers: {
"X-Requested-With": "XMLHttpRequest",
"Access-Control-Allow-Credentials": "true"
}, crossDomain: true
});
Which are basically the same settings I would put for each ajax call manually. However this approach doesn't work though I see these headers in the request sent to the API (through firebug).
Am I missing something?
Thanks in advance!
Dav
Default is "application/x-www-form-urlencoded; charset=UTF-8", which is fine for most cases. If you explicitly pass in a content-type to $. ajax() , then it is always sent to the server (even if no data is sent).
The default value is 0. Which means there is no timeout. The ajax timeout option does not return any value. The jQuery ajax timeout option is passed to the ajax() function with the value to specify the timeout for the request to the server.
Yup. Ajax calls are asynchronous by nature and defaults to true. Show activity on this post. By default, all requests are sent asynchronously (i.e. this is set to true by default).
Parameters: The list of possible values are given below: type: It is used to specify the type of request. url: It is used to specify the URL to send the request to. username: It is used to specify a username to be used in an HTTP access authentication request.
Do this in the bootstrap of your client-side app:
$.ajaxSetup({
xhrFields: {
withCredentials: true
}
})
Then the server needs to respond with this cors header:
Access-Control-Allow-Credentials: true
I recently had a very similar problem and found 2 simple ways of doing this. First create java script functions to make the calls for you i.e:
function delete (url){
$.ajax({
url: url,
type: "DELETE",
crossDomain: true,
xhrFields: {
withCredentials: true
}
})
}
or if being reused on multiple pages I would suggest creating a little class which could be included and reused easily. This also makes it possible to set more than just the default settings and create functions for frequently used api calls.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With