By David Wolever


2010-01-13 04:04:21 8 Comments

According to Requests with credentials, Firefox will only send credentials along with cross-domain posts if

invocation.withCredentials = "true";

is set… But it doesn't seem like jQuery's Ajax API provides any mechanism for this.

Is there something I've missed? Is there some other way I can do it?

3 comments

@chim 2017-11-17 09:58:16

In jQuery 3 and perhaps earlier versions, the following simpler config also works for individual requests:

$.ajax(
        'https://foo.bar.com,
        {
            dataType: 'json',
            xhrFields: {
                withCredentials: true
            },
            success: successFunc
        }
    );

The full error I was getting in Firefox Dev Tools -> Network tab (in the Security tab for an individual request) was:

An error occurred during a connection to foo.bar.com.SSL peer was unable to negotiate an acceptable set of security parameters.Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT

@Doug Neiner 2010-01-13 04:19:18

You can use the beforeSend callback to set additional parameters (The XMLHTTPRequest object is passed to it as its only parameter).

Just so you know, this type of cross-domain request will not work in a normal site scenario and not with any other browser. I don't even know what security limitations FF 3.5 imposes as well, just so you don't beat your head against the wall for nothing:

$.ajax({
    url: 'http://bar.other',
    data: { whatever:'cool' },
    type: 'GET',
    beforeSend: function(xhr){
       xhr.withCredentials = true;
    }
});

One more thing to beware of, is that jQuery is setup to normalize browser differences. You may find that further limitations are imposed by the jQuery library that prohibit this type of functionality.

@Xosofox 2012-09-12 09:46:37

According to api.jquery.com/jQuery.post it should be type: "GET" and not method: 'GET' I tripped over it when using your example

@Brad 2015-06-11 23:16:46

@Xosofox I know this is an old comment, but as of jQuery 1.9, method: 'GET' is supported. api.jquery.com/jquery.ajax

@Kangur 2011-08-25 12:38:24

Functionality is supposed to be broken in jQuery 1.5.

Since jQuery 1.5.1 you should use xhrFields param.

$.ajaxSetup({
    type: "POST",
    data: {},
    dataType: 'json',
    xhrFields: {
       withCredentials: true
    },
    crossDomain: true
});

Docs: http://api.jquery.com/jQuery.ajax/

Reported bug: http://bugs.jquery.com/ticket/8146

@Radek 2012-10-09 15:33:20

Now I can send cookie to subdomain :) Thank you!

@streetlight 2013-04-02 12:41:53

Is this supposed to work for cross (non-subdomain) ajax requests as well?

@Titus 2014-08-04 18:55:49

You're awesome... thanks!

Related Questions

Sponsored Content

18 Answered Questions

[SOLVED] How do I send a cross-domain POST request via JavaScript?

26 Answered Questions

[SOLVED] Access-Control-Allow-Origin Multiple Origin Domains?

13 Answered Questions

14 Answered Questions

[SOLVED] jQuery AJAX cross domain

12 Answered Questions

[SOLVED] AngularJS performs an OPTIONS HTTP request for a cross-origin resource

4 Answered Questions

[SOLVED] Phonegap Cross-domain AJAX POST Request not working on Android

2 Answered Questions

1 Answered Questions

IE8 & 9 Security Issue with jquery AJAX "Cross Domain" request

5 Answered Questions

[SOLVED] Cross Domain jQuery .AJAX problems

1 Answered Questions

[SOLVED] Firefox: Cross-domain requests with credentials return empty

Sponsored Content