Jquery Ajax CORS + HttpOnly Cookie

Question

I have got CORS working on my current project, although one thing I cannot seem to get working correctly is the cookies.

Now I get the cookie fine, the server issues it and sends it down and firefox accepts it, I can see it in the firebug cookies section. However when I make subsequent calls to that service it doesnt seem to send the cookie in the header...

GET /some/entity/ HTTP/1.1
Host: localhost:1837
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://localhost:6879
Origin: http://localhost:6879

Do I need to do anything special with my ajax call?

var ajaxOptions = {
    url: serviceResourceUrl,
    type: "get",
    dataType: "json",
    success: successCallback,
    error: failedCallback,
    xhrFields: { withCredentials: true }
};

$.ajax(ajaxOptions);

Answer 1

Try using the beforeSend property instead of xhrFields. In your case:

var ajaxOptions = {
    url: serviceResourceUrl,
    type: "get",
    dataType: "json",
    success: successCallback,
    error: failedCallback,
    beforeSend: function(xhr){
      xhr.withCredentials = true;
    }
};

$.ajax(ajaxOptions);

You can learn more here: Sending credentials with cross-domain posts?