Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I SET a Cookie (header) with XMLHttpRequest in JavaScript?

Tags:

javascript

jquery

ajax

jqxhr

I'm trying to set a Cookie in a XSS request using XMLHttpRequest.

I found the XMLHttpRequest Specification, and section 4.6.2-5 does seem to suggest that setting Cookie, Cookie2, and some other headers are not allowed, but I was hoping there was a work around.

My (jQuery) code is below, but the resulting query fails as the cookie is NOT set.

$.ajax( {   type : "POST",   url : URL,   data: SOAP_INBOX_MAIL_QUERY,   dataType : "xml",   async: false,   beforeSend : function(xhr) {       var cookie = credentials["COOKIE"];     console.info( "adding cookie: "+ cookie );               xhr.setRequestHeader('Cookie', cookie);   },   success : function(data, textStatus, xmLHttpRequest){     },   error : function(xhr, ajaxOptions, thrownError) {     credentials = null;   } });
like image 920
barryred Avatar asked Feb 23 '10 17:02

barryred

People also ask

How do I set cookies in XMLHttpRequest?

var xhr = new XMLHttpRequest(); xhr. open("GET", url, false); xhr. withCredentials = true; xhr. setRequestHeader('Cookie', 'mycookie=cookie'); xhr.

How do you set a cookie header?

The Set-Cookie HTTP response header is used to send a cookie from the server to the user agent, so that the user agent can send it back to the server later. To send multiple cookies, multiple Set-Cookie headers should be sent in the same response.

Can you set a cookie in JavaScript?

Create a Cookie with JavaScriptJavaScript can create, read, and delete cookies with the document. cookie property. With JavaScript, a cookie can be created like this: document.

How do I get the response header cookie?

Just set the Set-Cookie header in the response from the server side code. The browser should save it automatically. As a developer, you may be able to inspect the value of the cookies using "Developer Tools". And the same cookie will be sent in subsequent requests to the same domain, until the cookie expires.

2 Answers

This can be done. You need the following in the $.ajax call:

xhrFields: {     withCredentials: true }

(See the jQuery docs), and you'll also need the site you're making the request to to support CORS (they will at least need to allow you origin and also to set the Access-Control-Allow-Credentials HTTP header to true).

There's no question it works. You can do it over HTTPS, with Basic Auth, etc. jQuery will send everything (the auth header, cookies) if you tell it to (xhrFields) and the site provides the right CORS headers. Don't give up!

like image 190
terrycojones Avatar answered Sep 22 '22 12:09

terrycojones

For security reasons, you will be unable to modify the header during an XMLHTTPRequest.

like image 32
Gabriel McAdams Avatar answered Sep 21 '22 12:09

Gabriel McAdams
Sign in to Comment

Related questions

Karma runner console - output only failed tests
Filter an array based on an object property [duplicate]
How can I add predefined length to audio recorded from MediaRecorder in Chrome?
Typescript interface optional properties depending on other property
Sum all data in array of objects into new array of objects
Is there an official style guide or naming convention for React based projects?
jQuery: How to select "from here until the next H2"?
JavaScript class - Call method when object initialized
How to get URL from browser address bar?
Models of concurrency in nodejs
How to wait for another JS to load to proceed operation?
When to use touchmove vs mousemove?
How to make a preselection for a select list generated by AngularJS?
Turning off div wrap for Backbone.Marionette.ItemView
Disable some characters from input field
What is the right way to write my script 'src' url for a local development environment?
How does react-router pass params to other components via props?
Adding +"" to string appends "0"
How to filter a dictionary by value in JavaScript?
Hide div onclick in Vue.js

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!