Status code = 0 when using xhrFields: {withCredentials: true} in jQuery $ ajax call with Firefox

I use

xhrFields : { withCredentials: true } 

in jQuery $ ajax calls to send session cookies in my requests.

The call gives the correct status code in my apache logs (401/200 depending on whether the cookie is set), but Firefox always gets the status = 0 (i.e. an error in $ .ajax ()) If I delete this xhrFields section , the status code is OK (but no cookies are sent)

Here is the response object that I get in Firefox with xhrFields setting:

 {"readyState":0,"responseText":"","status":0,"statusText":"error"} 

My Apache config is enabled with CORS support and also allows Access-Control-Allow-Credentials (here are the relevant HTTP headers)

 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * 

Is there something in the AJAX call or in the web server configuration?

NB: this works great in Chrome

+6
source share
1 answer

You probably need to specify the Access-Control-Allow-Origin header more explicitly than *.

https://developer.mozilla.org/En/HTTP_access_control#Requests_with_credentials says:

Important note: when responding to an authenticated request, the server must specify a domain and cannot use wild carding.

+9
source

Source: https://habr.com/ru/post/919358/


All Articles