Opened 7 years ago

Closed 5 years ago

Last modified 4 years ago

#11820 closed enhancement (fixed)


Reported by: igo Owned by: BryanForbes
Priority: high Milestone: 1.8
Component: IO Version: 1.5
Keywords: xhr, withCredentials, CORS Cc:
Blocked by: Blocking:


there is no way how to use Cross-Origin Resource Sharing and with credentials ( because withCredentials cannot be set. I suppose adding new param to dojo.xhr* that will enable withCredentials setting to true

Attachments (1)

xhr.js.patch (1012 bytes) - added by schkovich 6 years ago.
Please note that patch is not throughly tested

Download all attachments as: .zip

Change History (14)

comment:1 Changed 7 years ago by peller

  • Milestone changed from 1.5.1 to tbd

Changed 6 years ago by schkovich

Please note that patch is not throughly tested

comment:2 Changed 6 years ago by sbordet

Fixing this issue is important for CometD (, which uses Dojo heavily.

The patch looks good to me, and it is in line with what suggested for jQuery (see, section "xhrFields").

comment:3 Changed 6 years ago by Prutkar

Cross-origin services are growing and this is still missing in dojo. It looks like the fix is very simple but it is out there for more then a year. It would be very nice if dojo would try to keep up with latest technologies or else web developers will be forced to switch and start using jquery it seems.

comment:4 Changed 6 years ago by bod

Any updates on this and future target version?

comment:5 Changed 6 years ago by dante

  • Milestone changed from tbd to 1.7.1
  • Owner changed from jburke to dante
  • Status changed from new to assigned

comment:6 Changed 6 years ago by bill

  • Milestone changed from 1.7.1 to 1.7.2

These didn't make it into the 1.7.1RC, so bumping them to 1.7.2 (as stated in the email I sent yesterday).

comment:7 Changed 5 years ago by csnover

  • Milestone changed from 1.7.2 to 1.8

Enhancements should not go to point release.

comment:8 Changed 5 years ago by nickmaynard

My testing indicates:

Chromium: Works fine. Mobile Safari (iOS 5): No effect; probably browser's fault, though.

Other browsers: Untested.

Getting this support in ASAP would I think be helpful.

comment:9 Changed 5 years ago by bill

  • Owner changed from dante to BryanForbes

Bulk change to reassign IO tickets to Bryan, since he is working on new dojo/request module. Some of these tickets should probably be closed as already fixed, invalid, or wontfix.

comment:10 Changed 5 years ago by kurtjlidl

For what it's worth, I tested this patch yesterday on a variety of browsers:

  • Chrome (19.0.1084.46 m)
  • Firefox (12.0)
  • iPad iOS (5.1.1)

The patch works fine, and the browsers will all send cookies when the withCredentials property is set to 'true' to third-party servers.

comment:11 Changed 5 years ago by BryanForbes

In [28797]:

Implement "withCredentials". refs #11820 !strict

comment:12 Changed 5 years ago by BryanForbes

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:13 Changed 4 years ago by owainb

Could this feature be documented please. This is the only place I could find it mentioned and it was exactly what I needed. Thanks.

Note: See TracTickets for help on using tickets.