XMLHttpRequest doesn’t send Cookie for Cross-Origin URLs
-
There is an issue related to CORS. By default XMLHttpRequest doesn’t send cookies if it isn’t same origin (even if it’s same domain). It’s easy to fix it – https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials
So, simple solution is adding
request.withCredentials = true;beforerequest.send. Also, wp-slimstat allows external domains on CORS requests and it’s helpful in this case.Also, it isn’t only case with different domains. In my case, origin is different because old parts of website still use https:// protocol, but AJAX handler uses https://. This solution works perfectly in this case. (I tested it on couple websites).
You can read more on https://stackoverflow.com/questions/40725317/why-is-xmlhttprequest-withcredentials-necessary-even-for-same-site-ajax-requests
Maybe we could improve
setcookie(support for subdomains,…), I’m checking possible solutions and I’ll write when I know more details. Then, we will have complete solution for CORS.I hope that helps.
Regards,
Sasa
- The topic ‘XMLHttpRequest doesn’t send Cookie for Cross-Origin URLs’ is closed to new replies.
