Opened 7 years ago

Closed 6 years ago

Last modified 4 years ago

#11820 closed enhancement (fixed)

XMLHttpRequest.withCredentials

Reported by: igo Owned by: Bryan Forbes
Priority: high Milestone: 1.8
Component: IO Version: 1.5
Keywords: xhr, withCredentials, CORS Cc:
Blocked By: Blocking:

Description

there is no way how to use Cross-Origin Resource Sharing and with credentials (https://developer.mozilla.org/En/HTTP_access_control#Requests_with_credentials) because withCredentials cannot be set. I suppose adding new param to dojo.xhr* that will enable withCredentials setting to true

Attachments (1)

xhr.js.patch (1012 bytes) - added by Goran Miskovic 7 years ago.
Please note that patch is not throughly tested

Download all attachments as: .zip

Change History (14)

comment:1 Changed 7 years ago by Adam Peller

Milestone: 1.5.1tbd

Changed 7 years ago by Goran Miskovic

Attachment: xhr.js.patch added

Please note that patch is not throughly tested

comment:2 Changed 6 years ago by Simone Bordet

Fixing this issue is important for CometD (http://cometd.org), which uses Dojo heavily.

The patch looks good to me, and it is in line with what suggested for jQuery (see http://api.jquery.com/jQuery.ajax, section "xhrFields").

comment:3 Changed 6 years ago by Prutkar

Cross-origin services are growing and this is still missing in dojo. It looks like the fix is very simple but it is out there for more then a year. It would be very nice if dojo would try to keep up with latest technologies or else web developers will be forced to switch and start using jquery it seems.

comment:4 Changed 6 years ago by lee

Any updates on this and future target version?

comment:5 Changed 6 years ago by dante

Milestone: tbd1.7.1
Owner: changed from James Burke to dante
Status: newassigned

comment:6 Changed 6 years ago by bill

Milestone: 1.7.11.7.2

These didn't make it into the 1.7.1RC, so bumping them to 1.7.2 (as stated in the email I sent yesterday).

comment:7 Changed 6 years ago by Colin Snover

Milestone: 1.7.21.8

Enhancements should not go to point release.

comment:8 Changed 6 years ago by nickmaynard

My testing indicates:

Chromium: Works fine. Mobile Safari (iOS 5): No effect; probably browser's fault, though.

Other browsers: Untested.

Getting this support in ASAP would I think be helpful.

comment:9 Changed 6 years ago by bill

Owner: changed from dante to Bryan Forbes

Bulk change to reassign IO tickets to Bryan, since he is working on new dojo/request module. Some of these tickets should probably be closed as already fixed, invalid, or wontfix.

comment:10 Changed 6 years ago by kurtjlidl

For what it's worth, I tested this patch yesterday on a variety of browsers:

  • Chrome (19.0.1084.46 m)
  • Firefox (12.0)
  • iPad iOS (5.1.1)

The patch works fine, and the browsers will all send cookies when the withCredentials property is set to 'true' to third-party servers.

comment:11 Changed 6 years ago by Bryan Forbes

In [28797]:

Implement "withCredentials". refs #11820 !strict

comment:12 Changed 6 years ago by Bryan Forbes

Resolution: fixed
Status: assignedclosed

comment:13 Changed 4 years ago by owainb

Could this feature be documented please. This is the only place I could find it mentioned and it was exactly what I needed. Thanks.

Note: See TracTickets for help on using tickets.