#11820 closed enhancement (fixed)
XMLHttpRequest.withCredentials
| Reported by: | igo | Owned by: | Bryan Forbes |
|---|---|---|---|
| Priority: | high | Milestone: | 1.8 |
| Component: | IO | Version: | 1.5 |
| Keywords: | xhr, withCredentials, CORS | Cc: | |
| Blocked By: | Blocking: |
Description
there is no way how to use Cross-Origin Resource Sharing and with credentials (https://developer.mozilla.org/En/HTTP_access_control#Requests_with_credentials) because withCredentials cannot be set. I suppose adding new param to dojo.xhr* that will enable withCredentials setting to true
Attachments (1)
Change History (14)
comment:1 Changed 9 years ago by
| Milestone: | 1.5.1 → tbd |
|---|
Changed 9 years ago by
| Attachment: | xhr.js.patch added |
|---|
comment:2 Changed 8 years ago by
Fixing this issue is important for CometD (http://cometd.org), which uses Dojo heavily.
The patch looks good to me, and it is in line with what suggested for jQuery (see http://api.jquery.com/jQuery.ajax, section "xhrFields").
comment:3 Changed 8 years ago by
Cross-origin services are growing and this is still missing in dojo. It looks like the fix is very simple but it is out there for more then a year. It would be very nice if dojo would try to keep up with latest technologies or else web developers will be forced to switch and start using jquery it seems.
comment:5 Changed 8 years ago by
| Milestone: | tbd → 1.7.1 |
|---|---|
| Owner: | changed from James Burke to dante |
| Status: | new → assigned |
comment:6 Changed 8 years ago by
| Milestone: | 1.7.1 → 1.7.2 |
|---|
These didn't make it into the 1.7.1RC, so bumping them to 1.7.2 (as stated in the email I sent yesterday).
comment:7 Changed 8 years ago by
| Milestone: | 1.7.2 → 1.8 |
|---|
Enhancements should not go to point release.
comment:8 Changed 8 years ago by
My testing indicates:
Chromium: Works fine. Mobile Safari (iOS 5): No effect; probably browser's fault, though.
Other browsers: Untested.
Getting this support in ASAP would I think be helpful.
comment:9 Changed 8 years ago by
| Owner: | changed from dante to Bryan Forbes |
|---|
Bulk change to reassign IO tickets to Bryan, since he is working on new dojo/request module. Some of these tickets should probably be closed as already fixed, invalid, or wontfix.
comment:10 Changed 8 years ago by
For what it's worth, I tested this patch yesterday on a variety of browsers:
- Chrome (19.0.1084.46 m)
- Firefox (12.0)
- iPad iOS (5.1.1)
The patch works fine, and the browsers will all send cookies when the withCredentials property is set to 'true' to third-party servers.
comment:12 Changed 8 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:13 Changed 6 years ago by
Could this feature be documented please. This is the only place I could find it mentioned and it was exactly what I needed. Thanks.
Please note that patch is not throughly tested