CORS request - why are the cookies not sent?
The issue was with the jQuery calls - it seems since 1.5 withCredentials should be specified as:
$.ajax("http://localhost:3000/users/current", {
    type: "GET",
    contentType: "application/json; charset=utf-8",
    success: function(data, status, xhr) {
        hideAllContent();
        $("#sign_out_menu_item").show();
        $("#sign_in_menu_item").hide();
        $("#welcome").text("Welcome " + data["username"] + "!");
        $("#welcome").show();
    },
    xhrFields: {
        withCredentials: true
    },
    crossDomain: true
});
Author: jim_vx
Updated on July 08, 2022
Comments
-
jim_vx almost 2 years
I have a cross-domain AJAX GET which gets pre-flighted successfully, but the cookies don't get attached to the GET request. When the user clicks a log in button, a POST is made to log the user in, which works correctly cross domain. The JavaScript is:
$.ajax(signin_url, {
    type: "POST",
    contentType: "application/json; charset=utf-8",
    data: JSON.stringify(credentials),
    success: function(data, status, xhr) {
        signInSuccess();
    },
    error: function(xhr, status, error) {
        signInFailure();
    },
    beforeSend: function(xhr) {
        xhr.withCredentials = true
    }
});
The response headers include a cookie:
Set-Cookie:user_token=snippysnipsnip; path=/; expires=Wed, 14-Jan-2032 16:16:49 GMT
If sign-in succeeds, a JavaScript GET request is made to get the current user's details:
function signInSuccess() {
    $.ajax(current_user_url, {
        type: "GET",
        contentType: "application/json; charset=utf-8",
        success: function(data, status, xhr) {
            displayWelcomeMessage();
        },
        beforeSend: function(xhr) {
            xhr.withCredentials = true;
        }
    });
}
The CORS-related headers returned from Chrome's OPTIONS request are:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:http://192.168.0.5
Access-Control-Max-Age:1728000
However, no cookies are sent on the GET request.
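Added example (not part of the original question or answer): a checker for the server-side half of a credentialed CORS request, applying the Fetch-spec rules a browser enforces when withCredentials is true, run against the Access-Control-Allow-* headers quoted above. The function name credentialedCorsProblems and its argument layout are assumptions made for this illustration; the same origin and credentials checks also apply to the response to the actual request, not only to the preflight.

```javascript
// Added example: Fetch-spec checks a browser applies when withCredentials is true.
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"];
function parseList(value) {
  return (value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

// headers: plain object of response headers (any key case).
// requestHeaders: non-safelisted request header names, e.g. ["Content-Type"] for JSON.
function credentialedCorsProblems(origin, method, requestHeaders, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const problems = [];
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    problems.push("Access-Control-Allow-Origin is missing");
  } else if (allowOrigin === "*") {
    problems.push("Access-Control-Allow-Origin: * is rejected for credentialed requests");
  } else if (allowOrigin !== origin) {
    problems.push(`Access-Control-Allow-Origin ${allowOrigin} does not match ${origin}`);
  }

  // The value is compared case-sensitively with the literal "true".
  if (h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials must be exactly 'true'");
  }

  // With credentials, "*" in these lists is a literal name, not a wildcard.
  const methods = parseList(h["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.includes(method) && !methods.includes(method)) {
    problems.push(`method ${method} is not listed in Access-Control-Allow-Methods`);
  }
  const allowed = parseList(h["access-control-allow-headers"]).map((n) => n.toLowerCase());
  for (const name of requestHeaders) {
    if (!allowed.includes(name.toLowerCase())) {
      problems.push(`header ${name} is not listed in Access-Control-Allow-Headers`);
    }
  }
  return problems;
}

// Allow-* headers from the OPTIONS response quoted in the question (Max-Age omitted).
const questionPreflight = {
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Headers": "X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow",
  "Access-Control-Allow-Methods": "POST, GET, OPTIONS",
  "Access-Control-Allow-Origin": "http://192.168.0.5",
};
```

For the question's GET with a JSON Content-Type from http://192.168.0.5 the list comes back empty, so those headers are not what blocks the cookie; the same headers checked for PUT report the method as unlisted.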
-
ChrisRich over 9 years
Have spent 4 hrs on getting this to work. Wish I had seen this post before. Thanks!
-
Corey Alix about 9 years
PUT/OPTIONS doesn't seem to work the same way. Why would cookies be sent for GET/POST but not the PUT preflight OPTIONS request?
-
Dziamid almost 9 years
Cookies are not working (not being set) on localhost. Use ip-based domain instead (e.g. 127.0.0.1) if you need to use cookies locally.