Mariusz Mariusz - 7 months ago 36
Javascript Question

CORS cookie with domain field is setting only in Firefox using jQuery AJAX

I am not able to set cookie when

domain
filed is added using cross site request. I am trying to achieve that by calling request through jquery ajax.

Is it possible to get it working in other browsers than firefox?

Some request Headers:

Accept:application/json, text/javascript, */*; q=0.01
Content-Length:55
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:localhost:53862
Origin:http://localhost:54265
Referer:http://localhost:54265/


Response Headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:x-requested-with, origin, content-type, accept, Proxy-Connection
Access-Control-Allow-Methods:GET,POST,PUT,OPTIONS, DELETE
Access-Control-Allow-Origin:http://localhost:54265
Set-Cookie:Auth=l_hash=123456&user=xyzl&remember_me=false; expires=Fri, 18 Jan 2013 13:42:10 GMT; domain=localhost; path=/


Code:

$.ajax({
type: "PUT",
url: apiHost + "api/account/login/",
data: $("#loginBarForm").serialize(),
dataType: "json",
contentType: "application/x-www-form-urlencoded; charset=UTF-8",
crossDomain: true,

xhrFields: {
withCredentials: true
},
});


Everything is fine in firefox. Chrome is not setting cookie. Only if domain field is removed all is working on every browser. I can see that in next request (after setting cookie) that cookie appears in header. Example from firefox request after response setting cookie (when response had domain field):

Cookie: Auth=l_hash=123456&user=xyz&remember_me=false

Answer

I think the problem can be with localhost, which is not a valid domain for Set-Cookie header. According to RFC, it must contain at least one "embedded" dot. FireFox may implement this in a less restrictive way. Try your IP-address instead.

Comments