
Cookie in AJAX response from other domain not honored - are there workarounds

I have a server-side API on the domain api.example.com

A user is visiting www.website.com, where a script makes an XMLHttpRequest to api.example.com and gets a response with a cookie.

It appears the API's response cookie is not honored by the HTTP agent.

I'm aware of the non-cross-domain-leaking-cookie policy, but I thought the domain here would be api.example.com. Seems I guessed wrong.

Is there some other way that my API on api.example.com could remember user data from one site to another? If not, how could services like Criteo and other retargeting sites work, from this point of view?

Make sure your API sets:

  1. Access-Control-Allow-Credentials header to true in possible preflight response and regular response,
  2. Access-Control-Allow-Origin header to value of the origin from the actual request,
  3. and client sets XMLHttpRequest.withCredentials to true.
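
The three points above as one sketch, added here for illustration and not code from the original answer. The origin allowlist, the `uid` cookie, its sample value and the `/whoami` path are assumptions; the `SameSite=None; Secure` attributes are an addition the answer does not mention but that current browsers require for a cookie used across sites.

```javascript
// Added example, not code from the answer. ALLOWED_ORIGINS, the "uid" cookie
// and the /whoami path are assumptions made for illustration.
const ALLOWED_ORIGINS = new Set(['https://www.website.com']);

// Points 1 and 2: CORS headers for both the preflight and the regular response.
function corsHeaders(method, origin) {
  const h = { Vary: 'Origin' }; // response differs per Origin, keep caches honest
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return h; // unknown site: no CORS grant
  h['Access-Control-Allow-Origin'] = origin; // exact origin; "*" is rejected with credentials
  h['Access-Control-Allow-Credentials'] = 'true';
  if (method === 'OPTIONS') {
    h['Access-Control-Allow-Methods'] = 'GET, POST';
    h['Access-Control-Allow-Headers'] = 'Content-Type';
  }
  return h;
}

// Node-style handler for api.example.com: (req, res) as passed by http.createServer.
function handle(req, res) {
  const headers = corsHeaders(req.method, req.headers.origin);
  const allowed = 'Access-Control-Allow-Origin' in headers;
  if (req.method === 'OPTIONS') {
    res.writeHead(allowed ? 204 : 403, headers);
    return res.end();
  }
  const known = /(^|;\s*)uid=/.test(req.headers.cookie || '');
  if (allowed && !known) {
    // Constructed sample value. A cookie sent in a cross-site context needs
    // SameSite=None, which browsers accept only together with Secure (HTTPS).
    headers['Set-Cookie'] = 'uid=sample-123; Path=/; HttpOnly; Secure; SameSite=None';
  }
  res.writeHead(200, { ...headers, 'Content-Type': 'application/json' });
  res.end(JSON.stringify({ known }));
}

// Point 3: the script running on www.website.com.
function callApi(onDone) {
  const xhr = new XMLHttpRequest();
  xhr.open('GET', 'https://api.example.com/whoami');
  xhr.withCredentials = true; // without this the cookie is neither stored nor sent
  xhr.onload = () => onDone(JSON.parse(xhr.responseText));
  xhr.send();
}
```

Browsers configured to block third-party cookies will still drop this cookie regardless of the headers.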
