Wondering what the withCredentials property is used for

nervgh / angular-file-upload

[ALMOST NOT MAINTAINED] Angular File Upload is a module for the AngularJS framework

MIT License

3.43k stars 1.13k forks source link

Wondering what the withCredentials property is used for #255

Closed stephaneeybert closed 9 years ago

stephaneeybert commented 10 years ago

In my case, it was enough to provide the authentication header as in:

new FileUploader({ url: ENV.NITRO_PROJECT_REST_URL + '/bts/upload', removeAfterUpload: false, headers: { 'Authorization': AuthService.getCredentialsHeaders() } });

At first I also had the withCredentials: true but it didn't help.

JeanMeche commented 10 years ago

FYI, in my case setting withCredentials to true did in fact add the credentials when uploading a file so it is the documented behavior.

stephaneeybert commented 10 years ago

@kyro38 But you also had to provide the credentials header ?

JeanMeche commented 10 years ago

Nope, I just set the option to true. FYI, I'm using the v 1.0.3 of the module with AngularJS 1.2.26.

stephaneeybert commented 10 years ago

But at some point you have to provide some authentication payload. Like a base64 username password. How and when is this done then?

awerlang commented 9 years ago

From MDN:

XMLHttpRequest.withCredentials Is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies or authorization headers. The default is false. Note: This never affects same-site requests.

lxibarra commented 9 years ago

Yeap just had the same problem and i fixit by adding the auth token to the headers.

item.upload = new FileUploader({
          url: '/api/uploads',
          alias: 'attachment',
          headers: { 'Authorization': 'Bearer ' + $cookieStore.get('token') },
          domElement: item._id,
          withCredentials:true,
          formData: [
            {document: $routeParams.id},
            {concept: item._id}
          ]
        });

When you make $http.post request it gets intercepted by $httpProvider.interceptors (in my case) and it adds the token to the header, but the post made by the Uploader does not get intercepted so no token is added. That appears to be case for me.

Im using the yeoman generator angular-full stack generator.

stodd commented 9 years ago

Ixibarra's method works for me but if you are using Angular's $cookies service you will need to parse the token because it is returned with extra dbl quotes. $cookies.get('token') = "123abc" JSON.parse($cookies.get('token')) = 123abc