Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Status code = 0 when using xhrFields: { withCredentials: true } in jQuery $ajax call with Firefox

I'm using

xhrFields : { 
  withCredentials: true 
} 

in jQuery $ajax calls, in order to send session cookies within my queries.

The call gives a correct status code on my apache logs (401/200 depending if the cookie is set), but Firefox always receives a status=0 (i.e. an error in $.ajax()) If I remove this xhrFields section, status code is OK (but cookies are not sent)

Here's the response object I receive in Firefox with the xhrFields setup:

{"readyState":0,"responseText":"","status":0,"statusText":"error"}

My Apache config is CORS-enabled, and also allows Access-Control-Allow-Credentials (here are the corresponding HTTP headers)

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

Is there something missing, either in the AJAX call, or on the webserver config?

NB: This works perfectly fine in Chrome

like image 950
apassant Avatar asked Jun 29 '12 21:06

apassant


People also ask

How do you check AJAX URL is working or not?

ajax() : $. ajax({ type: 'POST', url: 'page. php', data: stuff, success: function( data ) { }, error: function(xhr, status, error) { // check status && error }, dataType: 'text' });

How get data from AJAX call in jQuery?

ajax({ type: "POST", url: 'test. php', data: {"type":"check"}, success: function(response){ alert(response); } }); There can obviously be more key-val pairs in data. In this case your alert should read: "The type you posted is check".

What is AJAX call in jQuery?

jQuery ajax() Method The ajax() method is used to perform an AJAX (asynchronous HTTP) request. All jQuery AJAX methods use the ajax() method. This method is mostly used for requests where the other methods cannot be used.


1 Answers

You probably have to specify the Access-Control-Allow-Origin header more explicitly than *.

https://developer.mozilla.org/En/HTTP_access_control#Requests_with_credentials says:

Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding.

like image 182
Jeremy Avatar answered Nov 10 '22 14:11

Jeremy