Best IT Recipes

Cross-domain credential sending?

According to Credential Requests , Firefox will only send credentials along with messages in different domains if

invocation.withCredentials = "true";

installed ... But it does not look like jQuery. The Ajax API provides any mechanism for this.

Is there something I missed? Is there any other way I can do this?

+63
javascript jquery cross-domain
Jan 13
source share
3 answers

It is assumed that the functionality will be broken into jQuery 1.5.

Since jQuery 1.5.1 you should use the xhrFields parameter.

 $.ajaxSetup({ type: "POST", data: {}, dataType: 'json', xhrFields: { withCredentials: true }, crossDomain: true });

Docs: http://api.jquery.com/jQuery.ajax/

Report a bug: http://bugs.jquery.com/ticket/8146

+122
Aug 25 '11 at 12:38
source share

You can use the beforeSend to set additional parameters (the XMLHTTPRequest object is passed to it as a single parameter).

Just to let you know, this type of cross-domain request will not work in a normal site script, and not in any other browser. I don’t even know what security restrictions are imposed by FF 3.5, just so that you don’t hit your head against the wall for anything:

 $.ajax({ url: 'http://bar.other', data: { whatever:'cool' }, type: 'GET', beforeSend: function(xhr){ xhr.withCredentials = true; } });

Another thing to worry about is that jQuery is set up to normalize browser differences. You may find that additional restrictions are imposed by the jQuery library, which prohibit this type of function.

+38
Jan 13 '10 at 4:19
source share

In jQuery 3 and possibly earlier versions, the following simplified configuration also works for individual queries:

 $.ajax( 'https://foo.bar.com, { dataType: 'json', xhrFields: { withCredentials: true }, success: successFunc } );

The full error I received in Firefox Dev Tools β†’ Network tab (Security tab for a separate request):

An error occurred while connecting to foo.bar.com.SSL. Failed to negotiate a valid set of security settings. code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT

0
Nov 17 '17 at 9:58 on
source share


More articles:


All Articles