Opened 11 years ago

Closed 10 years ago

Last modified 8 years ago

#11820 closed enhancement (fixed)


Reported by: igo Owned by: Bryan Forbes
Priority: high Milestone: 1.8
Component: IO Version: 1.5
Keywords: xhr, withCredentials, CORS Cc:
Blocked By: Blocking:


there is no way how to use Cross-Origin Resource Sharing and with credentials ( because withCredentials cannot be set. I suppose adding new param to dojo.xhr* that will enable withCredentials setting to true

Attachments (1)

xhr.js.patch (1012 bytes) - added by Goran Miskovic 11 years ago.
Please note that patch is not throughly tested

Download all attachments as: .zip

Change History (14)

comment:1 Changed 11 years ago by Adam Peller

Milestone: 1.5.1tbd

Changed 11 years ago by Goran Miskovic

Attachment: xhr.js.patch added

Please note that patch is not throughly tested

comment:2 Changed 10 years ago by Simone Bordet

Fixing this issue is important for CometD (, which uses Dojo heavily.

The patch looks good to me, and it is in line with what suggested for jQuery (see, section "xhrFields").

comment:3 Changed 10 years ago by Prutkar

Cross-origin services are growing and this is still missing in dojo. It looks like the fix is very simple but it is out there for more then a year. It would be very nice if dojo would try to keep up with latest technologies or else web developers will be forced to switch and start using jquery it seems.

comment:4 Changed 10 years ago by lee

Any updates on this and future target version?

comment:5 Changed 10 years ago by dante

Milestone: tbd1.7.1
Owner: changed from James Burke to dante
Status: newassigned

comment:6 Changed 10 years ago by bill


These didn't make it into the 1.7.1RC, so bumping them to 1.7.2 (as stated in the email I sent yesterday).

comment:7 Changed 10 years ago by Colin Snover


Enhancements should not go to point release.

comment:8 Changed 10 years ago by nickmaynard

My testing indicates:

Chromium: Works fine. Mobile Safari (iOS 5): No effect; probably browser's fault, though.

Other browsers: Untested.

Getting this support in ASAP would I think be helpful.

comment:9 Changed 10 years ago by bill

Owner: changed from dante to Bryan Forbes

Bulk change to reassign IO tickets to Bryan, since he is working on new dojo/request module. Some of these tickets should probably be closed as already fixed, invalid, or wontfix.

comment:10 Changed 10 years ago by kurtjlidl

For what it's worth, I tested this patch yesterday on a variety of browsers:

  • Chrome (19.0.1084.46 m)
  • Firefox (12.0)
  • iPad iOS (5.1.1)

The patch works fine, and the browsers will all send cookies when the withCredentials property is set to 'true' to third-party servers.

comment:11 Changed 10 years ago by Bryan Forbes

In [28797]:

Implement "withCredentials". refs #11820 !strict

comment:12 Changed 10 years ago by Bryan Forbes

Resolution: fixed
Status: assignedclosed

comment:13 Changed 8 years ago by owainb

Could this feature be documented please. This is the only place I could find it mentioned and it was exactly what I needed. Thanks.

Note: See TracTickets for help on using tickets.