cross-domain ajax request cookie problem
1,358 views
Skip to first unread message
phoenix
Jan 22, 2010, 2:44:54 AM1/22/10
to Chromium-extensions
I have a server A that uses cookie-based session, and I'm making an
extension to talk to the server, to post some data from the current
page to server A (authentication required). After I logged in on
server A, session cookie is set on domain A, but when I do ajax
request from my extension to post data to server A, the cookie is not
sent(not logged in ).
Maybe there's some security restrictions?
Is there a way to maintain my login status on server A while making
ajax request from my extension.
extension to talk to the server, to post some data from the current
page to server A (authentication required). After I logged in on
server A, session cookie is set on domain A, but when I do ajax
request from my extension to post data to server A, the cookie is not
sent(not logged in ).
Maybe there's some security restrictions?
Is there a way to maintain my login status on server A while making
ajax request from my extension.
Peter Blazejewicz
Jan 22, 2010, 11:33:55 AM1/22/10
to Chromium-extensions
Hi,
in specs there is "withCredentials" property for newer XMLHttpRequest
implementations which is exactly for maintaining session/authorization
during ajax calls,
see e..g discussion:
https://developer.mozilla.org/en/HTTP_access_control#Requests_with_credentials
It is available as property on XHR created with Chrome, so you could
investigate that topic (i.e. what is Chrome client implementation of
that feature of XHR) a little further (I'm interested in that subject
as well so could help with digging that topic a little further),
regards,
Peter
Reply all
Reply to author
Forward
0 new messages