CORS request is not sending cookies
Hello,
I have posted this question on different forums but didn't get a single answer, so I will try here.
I use the blueimp/jQuery-File-Upload script for cross-domain (subdomain) uploads. The main page is www.example.com and I upload files to st2.example.com.
Everything works fine but the problem is that I need to send cookies with each request and for some reason it's not possible. Cookies are being sent only with HEAD requests. The documentation of this script says:
If you need to send along cookies (e.g. for authentication), set the withCredentials $.ajax() setting as fileupload widget option:
    $('#fileupload').fileupload('option', {
        xhrFields: {
            withCredentials: true
        }
    });
This does not work for me. I tried to add the line
    withCredentials: true
in three different places:
- to $('#fileupload').fileupload({
- to $('#fileupload').fileupload('option', {
- to $.ajax({
The first two do not work at all. The third works only for HEAD requests. HEAD requests send cookies, but OPTIONS and POST requests do not. I checked this in the browser console in Firefox and Chrome.
My question is: why do the OPTIONS and POST requests not send any cookies?
Below is my script. This example contains "withCredentials: true" in all 3 places where I have tested it.
    <script>
    var defaultthumbnail = '<img class="thum5" src="/upload.png">';
    $(function () {
        var formData = $('#fileupload').serializeArray();
        'use strict';
        $('#fileupload').fileupload({
            xhrFields: {withCredentials: true},
            url:'//st2.example.com/',
        });
        $('#fileupload').fileupload('option', {
            acceptFileTypes: /(\.|\/)(jpe?g)$/i,
            autoUpload:true,
            maxNumberOfFiles:20,
            maxFileSize:4000000,
            xhrFields: {withCredentials: true},
            disableImageResize: /Android(?!.*Chrome)|Opera/
                .test(window.navigator.userAgent)
        });
        if ($.support.cors) {
            $.ajax({
                xhrFields: {withCredentials: true},
                url: $('#fileupload').fileupload('option', 'url'),
                type: 'HEAD'
            }).fail(function () {
                $('<div class="error"/>')
                    .text('Server is not available')
                    .appendTo('#fileupload');
            });
        }
    });
    </script>
The file on st2.example.com contains:
    header('Access-Control-Allow-Origin: http://www.example.com');
    header("Access-Control-Allow-Credentials: true");
    header('Access-Control-Allow-Methods: HEAD, GET, PUT, POST, OPTIONS');
    header('Access-Control-Allow-Headers: Content-Type, Content-Range, Content-Disposition, Content-Description');
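An added example, not part of the original post or of the jQuery-File-Upload project: a small checker that applies the browser's rules for credentialed CORS requests to the response headers shown above, keeping in mind that the preflight OPTIONS request itself is always sent without cookies. The function name, the request object shape, the sample upload request and the https and wildcard scenarios are assumptions made for illustration.

```javascript
// Added example: applies the browser's CORS checks for a credentialed
// (withCredentials: true) request to a set of response headers.
const splitList = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);
const SAFELISTED_METHODS = new Set(['GET', 'HEAD', 'POST']);

// req.headers = names the browser lists in Access-Control-Request-Headers.
// Returns the reasons the browser would block; an empty array means allowed.
function checkCredentialedCors(req, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v.trim();
  const problems = [];

  const acao = h['access-control-allow-origin'];
  if (acao === undefined) problems.push('missing Access-Control-Allow-Origin');
  else if (acao === '*') problems.push('wildcard origin is rejected for credentialed requests');
  else if (acao !== req.origin) problems.push(`origin mismatch: ${acao} vs ${req.origin}`);

  if (h['access-control-allow-credentials'] !== 'true')
    problems.push('Access-Control-Allow-Credentials must be exactly "true"');

  if (req.preflight) { // extra checks applied to the OPTIONS response
    const methods = splitList(h['access-control-allow-methods']);
    if (!SAFELISTED_METHODS.has(req.method) && !methods.includes(req.method))
      problems.push(`method ${req.method} not allowed`);
    const allowed = splitList(h['access-control-allow-headers']).map((s) => s.toLowerCase());
    for (const name of req.headers)
      if (!allowed.includes(name.toLowerCase())) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// Response headers as set by the PHP file in the post.
const PAGE_HEADERS = {
  'Access-Control-Allow-Origin': 'http://www.example.com',
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control-Allow-Methods': 'HEAD, GET, PUT, POST, OPTIONS',
  'Access-Control-Allow-Headers': 'Content-Type, Content-Range, Content-Disposition, Content-Description',
};
// Constructed request: preflight for a chunked POST upload from the main page.
const upload = { origin: 'http://www.example.com', method: 'POST', preflight: true,
                 headers: ['Content-Range', 'Content-Disposition'] };

console.log(checkCredentialedCors(upload, PAGE_HEADERS));
// Assumed scenario: the same page loaded over https, so the Origin differs by scheme.
console.log(checkCredentialedCors({ ...upload, origin: 'https://www.example.com' }, PAGE_HEADERS));
// Assumed scenario: the server answers with a wildcard origin instead.
console.log(checkCredentialedCors(upload, { ...PAGE_HEADERS, 'Access-Control-Allow-Origin': '*' }));
```

The origin comparison is an exact string match on scheme, host and port, so a header hardcoded to `http://www.example.com` fails for a page served over https.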