search

jo5ef / Force-CORS

A Firefox Extension to add CORS headers to responses.
http://www-jo.se/f.pfleger/forcecors
28 stars 24 forks source link

Addon with jQuery and credentials #8

Open Aymkdn opened 10 years ago

Aymkdn commented 10 years ago

It's not an issue but a tip...

I tried to access to a resource using this addon. It worked for different websites, but not for the only one I wanted to get. Actually it's because I needed to use the credentials option. But then it didn't work again as Firefox returned "cross domain not allowed".

Finally I've changed the forcecors.headers value in about:config to: Access-Control-Allow-Methods *|Access-Control-Allow-Credentials true|Access-Control-Allow-Origin http://intranet.mydomain.com Note: I've had to specify my Allow-Origin domain to make it work and also to add the Allow-Credentials to true

And the jQuery Ajax request looks like that:

$.ajax({
  method: 'GET',
  url: 'https://myothersite.mydomain.com/mypage.aspx',
  xhrFields: {
    withCredentials: true
  }
}).done(function(data) {
  console.log(data)
})
indolering commented 9 years ago

There should be a setting that allows us to specify an array of allowed domains which Force-CORS uses whenever a credentialed request is made.