omarkj/Subdomains, credentials and XHR.md

Created March 16, 2011 15:01

Star (1) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/omarkj/872618.js"></script>
Save omarkj/872618 to your computer and use it in GitHub Desktop.

Download ZIP

XHR with credentials across subdomains

Raw

Subdomains, credentials and XHR.md

First, your HTTP server must return the correct HTTP Access Control rules

  Access-Control-Allow-Origin: "http://subdomain.domain.tld"
  Access-Control-Allow-Methods: "GET"
  Access-Control-Allow-Credentials: "true"
  Access-Control-Allow-Headers: "X-Requested-With"

During your AJAX request, set withCredentials to true

  $.ajax
    url: kodi.config.user_db
    xhrFields: {'withCredentials': true}
    success: (ctx) =>
      return true if ctx.username is not null

crcastle commented Jul 12, 2011

No, unfortunately. instead i send the user's browser to the underlying server i'm trying to get data from. this makes the browser pop an http basic auth dialog. the user fills this in and is then redirected back to the site from which he came. this works because the browser remembers basic auth credentials until the browser is closed. so for example, user lands at http://xyz.com. the html/js/css served from xyz.com is trying to make get/post/update/delete requests to http://abc.com. on the first attempt, the user is sent to http://abc.com/login. after successful login, user is sent back to http://xyz.com and has to redo his previous request.

don't really like it, but it works...