科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - Issue in this.withCredentials attribute in Cross Origin Resource Sharing - Stack Overflow

    javascript - Issue in this.withCredentials attribute in Cross Origin Resource Sharing - Stack Overflow

    programmeradmin1浏览0评论

    We are implementing an AngularJS based application which uses a rest web service hosted in a different domain. The following script is used for CORS and it works perfectly on Chrome and FireFox. It has an issue in IE9 and Safari when authenticating. It seems the issue is with the withCredentials attribute in those browsers. Is there any other way that IE and Safari supports CORS?

    <script type="text/javascript">
     XMLHttpRequest.prototype.realSend = XMLHttpRequest.prototype.send;
     XMLHttpRequest.prototype.send = function(vData) {
        this.withCredentials = true;
        this.realSend.apply(this, arguments);
     };
</script>

    We are implementing an AngularJS based application which uses a rest web service hosted in a different domain. The following script is used for CORS and it works perfectly on Chrome and FireFox. It has an issue in IE9 and Safari when authenticating. It seems the issue is with the withCredentials attribute in those browsers. Is there any other way that IE and Safari supports CORS?

    <script type="text/javascript">
     XMLHttpRequest.prototype.realSend = XMLHttpRequest.prototype.send;
     XMLHttpRequest.prototype.send = function(vData) {
        this.withCredentials = true;
        this.realSend.apply(this, arguments);
     };
</script>
    • javascript
    • angularjs
    • cors
    Share Improve this question edited Oct 7, 2013 at 10:50 Shanaka asked Oct 7, 2013 at 9:30 ShanakaShanaka 1,7383 gold badges21 silver badges43 bronze badges 2
    • If you are asking about credentialed cross origin requests in IE9 or older, the answer is "not supported". These browsers only have limited CORS support via XDomainRequest. – Ray Nicholus Commented Oct 7, 2013 at 12:37
    • Nop. I'm asking for IE10+ versions – Shanaka Commented Oct 8, 2013 at 3:51
    Add a ment  | 

    1 Answer 1

    Reset to default 7

    According to the different scenarios we tried we could e up with following summary. Hope that would be useful.

    1. According to the browser specifications IE10+ and Safari 4+ versions supports XHR and withCredentials attribute.
    2. That can be used for CORS without any issue as in the above script.
    3. For other IE versions (9-) we need to use XDR.
    4. URL rewrite mod was not successful with the server side when it es to HTTPS.

    The solution was very simple. By default IE and Safari have disabled the 3rd party cookies. Since we use two different domains once a user enters the credentials to login, those browsers were unable to save that cookie. Because of that all other requests were unauthorized.

    Steps for allowing 3rd party cookies

    • IE 10 - Internet Options > Privacy > Advanced > Third Party Cookies > Accept
    • Safari - Preferences > Privacy > Block Cookies > Never

    Due to this problem we found that in AngularJS version 1.1.1+ they have made it easy by setting the ‘withCredentials’ value in ‘config’ module ( $httpProvider.defaults.withCredentials = true;)

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论