Internet Explorer 10 is ignoring XMLHttpRequest 'xhr.withCredentials = true'

Asked
Active3 hr before
Viewed126 times

8 Answers

internetexplorer
90%

Yes, the cookie is set on domain http://b.com. Firefox and Opera both include the cookie when withCredentials is set to true, I've yet to try it out with Chrome and Safari. – Rendijs S Oct 2 '12 at 9:09 ,Furthermore, the JS snippet works fine in both Firefox and Opera.,The server is configured to work with CORS, it includes the Access-Control headers:, Note: I am seeing the same behavior when using jQuery, with xhrFields: { withCredentials: true } – Rendijs S Sep 28 '12 at 16:35

I want to do a CORS request to http://b using XMLHttpRequest (which should work, according to http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx), and include the cookie in the request. The JS is as follows:

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://b', true);
xhr.withCredentials = true;
xhr.send();
load more v
88%

I’m currently having an issue with a cross-domain ajax call using IE10 (in IE10 mode, not compatibility).,Situation: I have two domains, http://a and http://b. I have a cookie set for http://b. I am currently on page http://a.,I want to do a CORS request to http://b using XMLHttpRequest (which should work, according to http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx), and include the cookie in the request. The JS is as follows:,Update: Link is now dead, but you can see it at the Internet Archive

I want to do a CORS request to http://b using XMLHttpRequest (which should work, according to http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx), and include the cookie in the request. The JS is as follows:

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://b', true);
xhr.withCredentials = true;
xhr.send();
load more v
72%

ConstructorXMLHttpRequest(),XMLHttpRequestEventTarget,XMLHttpRequest.withCredentials,Note: This never affects same-site requests.

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://example.com/', true);
xhr.withCredentials = true;
xhr.send(null);
65%

j'ai actuellement un problème avec un appel ajax inter-domaines utilisant IE10 (en mode IE10, pas de compatibilité). , mise à jour: Link est maintenant mort, mais vous pouvez le voir à the Internet Archive , nous avons ajouté un en-tête varier : cookie et il a fonctionné.. , Situation: J'ai deux domaines, http://a et http://b . J'ai un cookie pour http://b . Je suis actuellement sur la page http://a .

je veux faire une requête CORS à http://b en utilisant XMLHttpRequest (qui devrait fonctionner, selon http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx ), et inclure le cookie dans la demande. Le JS est le suivant:

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://b', true);
xhr.withCredentials = true;
xhr.send();
load more v
75%

The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.,Note:XMLHttpRequest responses from a different domain cannot set cookie values for their own domain unless withCredentials is set to true before making the request, regardless of Access-Control- header values. ,Note: This never affects same-site requests., © 2005–2018 Mozilla Developer Network and individual contributors.Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later. https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials

Example

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://example.com/', true);
xhr.withCredentials = true;
xhr.send(null);
40%

To enable cross-origin requests in FireFox, Safari, Chrome and IE 10 and later your server must attach the following headers to all responses:,These headers will enable cross-domain requests in FireFox 3.6+, Safari 4+, Chrome 4+, Edge, and IE 10+. Older versions of this browsers do not allow cross-domain requests.,Below we describe how to enable cross-origin requests in each of 4 major browsers.,If your WebDAV server is located on a different domain, on a different port or using different protocol (HTTP / HTTPS) such requests are considered to be cross-origin requests and by default are prohibited by user agent.

Access - Control - Allow - Origin: http: //webdavserver.com
   Access - Control - Allow - Credentials: true
Access - Control - Allow - Methods: ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION - CONTROL
Access - Control - Allow - Headers: Overwrite, Destination, Content - Type, Depth, User - Agent, Translate, Range, Content - Range, Timeout, X - File - Size, X - Requested - With, If - Modified - Since, X - File - Name, Cache - Control, Location, Lock - Token, If
Access - Control - Expose - Headers: DAV, content - length, Allow
load more v
22%

Upon successful initialization of a request, the setRequestHeader method of the XMLHttpRequest object can be invoked to send HTTP headers with the request. ,XMLHttpRequest Living Standard by the WHATWG,After the open method has been invoked successfully, the readyState property of the XMLHttpRequest object should be assigned a value of 1 (OPENED).,To send an HTTP request, the send method of the XMLHttpRequest must be invoked. This method accepts a single parameter containing the content to be sent with the request.

var xmlhttp;

if (window.XMLHttpRequest) {
   xmlhttp = new XMLHttpRequest();
   xmlhttp.open("GET", filepath, false);
   xmlhttp.send(null);
}
load more v
60%

@dannyhuly it's already working. Do you set withCredentials to true when make request?,No, RequestOptionsArgs is just an interface, i.e. values are always just pure javascript objects., Construct a POST request with options which include withCredentials: true ,@amineparis can you show the code you use to create the request with withCredentials set to true? In my testing, it works.

login(username: string, password: string) {
   let data = {
      username: username,
      password: password
   }
   let optionsArgs: RequestOptionsArgs = {
      withCredentials: true
   }
   let options = new RequestOptions(optionsArgs)
   return this.http.post(environment.apiEndpoint + 'login', data, options)
      .catch((error) => {
         return Observable.throw(error.json());
      });
}
load more v

Other "internet-explorer" queries related to "Internet Explorer 10 is ignoring XMLHttpRequest 'xhr.withCredentials = true'"