Header "Access-Control-Allow-Credentials" for all request types

davidtinker / grails-cors

Grails plugin to add Cross-Origin Resource Sharing (CORS) headers

38 stars 21 forks source link

Header "Access-Control-Allow-Credentials" for all request types #3

Closed pschneider-manzell closed 11 years ago

pschneider-manzell commented 11 years ago

In order to allow authentication via cors using this plugin, a header Access-Control-Allow-Credentials=true must always be sent to the client, not only for an OPTIONS request. This allowes the client to add withCredentials to the XHR request.
This is required e.g for exchanging the session cookie or OAuth cookies.

See here for more details: http://www.html5rocks.com/en/tutorials/cors/#toc-adding-cors-support-to-the-server

pschneider-manzell commented 11 years ago

Sorry for the mess regarding the 2 tickets, this is my first pull request on github ;)