DEV Community 👩‍💻👨‍💻

fuchiao
fuchiao

Posted on

set cookies for cross origin requests

When http://portal sent a request to http://auth, http://auth failed to set user's cookie.

Set credential flag for request and modified the following response headers to fix it [1], [2]:

  • Access-Control-Allow-Origin (request.Header.Origin, no wildcard allowed)
  • Vary (Origin)
  • Access-Control-Allow-Credentials (true)

And we can followe w3schoool article to test cross domain request by browser console.

var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
    console.log(this);
};
xhttp.open("GET", "http://auth", true);
xhttp.send(); 

Top comments (0)

Meeting a new developer

Stop by this week's meme thread!