Opened 7 years ago

Closed 6 years ago

#16485 closed defect (wontfix)

request/xhr cross-site POST request

Reported by: Michael Meder Owned by: Bryan Forbes
Priority: undecided Milestone: tbd
Component: IO Version: 1.8.0
Keywords: Cc:
Blocked By: Blocking:

Description

I tried to use dojo/request/xhr for a cross-site POST request (for async user authentifcation). Thus I set "withCredentials: true" to enable cross-site XHR. It works if the url-param is not a cross-site url. As soon as I use my cross-site url for the request, it is not send as POST request but as GET. I tried out with native JavaScript and it works cross-site even with POST, why not with dojo? Is this a Bug or did I overlook something?

Two Examples, first one works as POST request, second not:

  1. This works (will be send as POST):
    require(["dojo/request/xhr"], function(xhr) {
    	xhr("example/json/", {
    		method : "POST",
    		data : {
    			some : "data"
    		},
    		withCredentials : true
    	}).then(function(data) {
    		// Do something with the handled data
    	}, function(err) {
    		// Handle the error condition
    	}, function(evt) {
    		// Handle a progress event from the request if the
    		// browser supports XHR2
    	});
    });
    
  1. This works not (will be send as GET, although I set POST):
    require(["dojo/request/xhr"], function(xhr) {
    	xhr("http://somedomain.org/example/json/", {
    		method : "POST",
    		data : {
    			some : "data"
    		},
    		withCredentials : true
    	}).then(function(data) {
    		// Do something with the handled data
    	}, function(err) {
    		// Handle the error condition
    	}, function(evt) {
    		// Handle a progress event from the request if the
    		// browser supports XHR2
    	});
    });
    

Change History (3)

comment:1 Changed 7 years ago by bill

Component: GeneralIO
Owner: set to Bryan Forbes

comment:2 Changed 6 years ago by Michael Meder

after some months ;-), I think the problem was the

withCredentials : true

line.

I now have working solution for anybody who is interested in (I did not remove custom code inside):

sendLoginData : function() {
	var url = config.loginServer();
	var that = this;
	var formData = domForm.toQuery(this.loginForm);
	if (has("ie") < 10) {
		console.warn("IE version lower than 10, try XDomainRequest.");
		xdr = new XDomainRequest();
		xdr.onload = function() {
			var data = JSON.parse(xdr.responseText, true);
			that.saveToCookie(data, formData);
		};
		xdr.onerror = function() {
			console.error("XDR onerror");
		};
		xdr.timeout = 10000;
		try {
			xdr.open('post', url);
		} catch(err) {
			console.error(err);
		}
		xdr.send(formData);
	} else {
		require(["dojo/request/xhr"], function(xhr) {
			var request = xhr(url, {
				handleAs : "json",
				method : "POST",
				data : formData,
				headers : {
					"Content-Type" : "application/x-www-form-urlencoded",
				}
			}).then(function(data) {
				that.saveToCookie(data, formData);
			}, function(err) {
				console.error(err);
			}, function(evt) {
				// Handle a progress event from the request if the
				// browser supports XHR2
			});
		});
	}
},

I think this ticket can be closed. Thanks

comment:3 Changed 6 years ago by Bryan Forbes

Resolution: wontfix
Status: newclosed

Since XDomainRequest differs from XHR2 so dramatically, I haven't tried to get it to work with dojo/request/xhr. I may revisit this some day.

Note: See TracTickets for help on using tickets.