intercept response header with jquery ajax request

Question

Exactly what the title suggests:

I perform an ajax request to my server, it responds with a 403 but there are headers I want to retrieve and save on localStorage. This is for a phonegap app (Android and iOS), so the initiating domain isLocal (file://). When performing the call, I use the following code to try to intercept the response, but it returns undefined or an empty string.

Ajax:

    $.ajax({
        url: serverLink+action,
        type: "POST",
        data: "access_token="+accessToken+"&uid="+uid,
        crossDomain: true,
        complete: function(resp){
            var header = resp.getAllResponseHeaders();
            var match = header.match(/(Set-Cookie|set-cookie): (.+?);/);
            if (match) session = match[2];
            console.log(header, session)
        }
    })

Response Headers

Connection  Keep-Alive
Content-Encoding    gzip
Content-Length  1198
Content-Type    text/html
Date    Fri, 13 Apr 2012 22:51:02 GMT
Keep-Alive  timeout=15, max=100
Server  Apache/2.2.14 (Ubuntu)
Set-Cookie  sessionid=ebd26167e32bada2d2ed0bd3cc16d8a2; expires=Fri, 27-Apr-2012 22:51:02 GMT; Max-Age=1209600; Path=/
Vary    Cookie,Accept-Encoding

Further reading led me to here , which speaks of the CSRF on a django server. We are using a django server and either this or the 403 is the problem I suspect. There doesn't seem to be a way (from the example answer there) to collect the cookie from webview and send it back to the server on subsequent requests.

Answer 1

use the jquery XHR object which as a method getAllResponseHeaders() which should provide what you are after.

http://api.jquery.com/jQuery.ajax/

Answer 2

This problem was most definitely caused by CSRF protection on the django server. Disabling or implementing workarounds as per django is the only way around this.

Actually this post helped tremendously: Django CSRF check failing with an Ajax POST request