Using jQuery 1.8.2
I am making a CORS request to an application from one AppServer (Front) to another AppServer (Back) server. When I make the following Ajax calls from Front, the 302 response (security check) from Back is executed, but my JSESSIONID cookie is not saved:
$.ajax({ url : url, dataType : 'html', success : function(data, status, xhr) { $(dataContainer).append(data); }, complete: function(xhr, status, error) { if (xhr.status != 200) { $.logger(xhr.getResponseHeader('Location')); } } });
Now, if I make the same call but add inCredentials, my JSESSIONID will be saved correctly, but the 302 redirect will be removed. Both Chrome and Firefox (the latest versions of both) simply stop processing the request.
$.ajax({ xhrFields: { withCredentials: true }, url : url, dataType : 'html', success : function(data, status, xhr) { $(dataContainer).append(data); }, complete: function(xhr, status, error) { if (xhr.status != 200) { $.logger(xhr.getResponseHeader('Location')); } } });
I am trying to remove the xhr object redirection location header, but it is empty.
I set the following for all answers coming from Back:
response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS"); response.setHeader("Access-Control-Max-Age", "1728000"); response.setHeader("Access-Control-Allow-Headers", "Cookie,X-Requested-With"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Expose-Headers", "Location");
Obviously, I will limit Origin when / if I can get it to work.
Does anyone know what it takes to work with jQuery? Is this a jQuery issue or has anyone come across all Ajax + CORS requests?