Opened 7 years ago

Closed 5 years ago

Last modified 4 years ago

#11820 closed enhancement (fixed)

XMLHttpRequest.withCredentials

Reported by: igo Owned by: BryanForbes
Priority: high Milestone: 1.8
Component: IO Version: 1.5
Keywords: xhr, withCredentials, CORS Cc:
Blocked by: Blocking:

Description

there is no way how to use Cross-Origin Resource Sharing and with credentials (https://developer.mozilla.org/En/HTTP_access_control#Requests_with_credentials) because withCredentials cannot be set. I suppose adding new param to dojo.xhr* that will enable withCredentials setting to true

Attachments (1)

xhr.js.patch (1012 bytes) - added by schkovich 6 years ago.
Please note that patch is not throughly tested

Download all attachments as: .zip

Change History (14)

comment:1 Changed 7 years ago by peller

  • Milestone changed from 1.5.1 to tbd

Changed 6 years ago by schkovich

Please note that patch is not throughly tested

comment:2 Changed 6 years ago by sbordet

Fixing this issue is important for CometD (http://cometd.org), which uses Dojo heavily.

The patch looks good to me, and it is in line with what suggested for jQuery (see http://api.jquery.com/jQuery.ajax, section "xhrFields").

comment:3 Changed 5 years ago by Prutkar

Cross-origin services are growing and this is still missing in dojo. It looks like the fix is very simple but it is out there for more then a year. It would be very nice if dojo would try to keep up with latest technologies or else web developers will be forced to switch and start using jquery it seems.

comment:4 Changed 5 years ago by bod

Any updates on this and future target version?

comment:5 Changed 5 years ago by dante

  • Milestone changed from tbd to 1.7.1
  • Owner changed from jburke to dante
  • Status changed from new to assigned

comment:6 Changed 5 years ago by bill

  • Milestone changed from 1.7.1 to 1.7.2

These didn't make it into the 1.7.1RC, so bumping them to 1.7.2 (as stated in the email I sent yesterday).

comment:7 Changed 5 years ago by csnover

  • Milestone changed from 1.7.2 to 1.8

Enhancements should not go to point release.

comment:8 Changed 5 years ago by nickmaynard

My testing indicates:

Chromium: Works fine. Mobile Safari (iOS 5): No effect; probably browser's fault, though.

Other browsers: Untested.

Getting this support in ASAP would I think be helpful.

comment:9 Changed 5 years ago by bill

  • Owner changed from dante to BryanForbes

Bulk change to reassign IO tickets to Bryan, since he is working on new dojo/request module. Some of these tickets should probably be closed as already fixed, invalid, or wontfix.

comment:10 Changed 5 years ago by kurtjlidl

For what it's worth, I tested this patch yesterday on a variety of browsers:

  • Chrome (19.0.1084.46 m)
  • Firefox (12.0)
  • iPad iOS (5.1.1)

The patch works fine, and the browsers will all send cookies when the withCredentials property is set to 'true' to third-party servers.

comment:11 Changed 5 years ago by BryanForbes

In [28797]:

Implement "withCredentials". refs #11820 !strict

comment:12 Changed 5 years ago by BryanForbes

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:13 Changed 4 years ago by owainb

Could this feature be documented please. This is the only place I could find it mentioned and it was exactly what I needed. Thanks.

Note: See TracTickets for help on using tickets.