Tuesday, 12 September 2017

XHR request not sending cookies in CORS

I'm trying to make a request from domain a.com to domain b.com. Both use the HTTPS scheme. I've tried using both Ember.js + Fetch and jQuery.

When the following request is sent, the cookies are sent but I cannot load the response. It says the origin '*' is not allowed.

var url = 'https://b.com/somepage/';
// Using Ember fetch
fetch(url, {
  credentials: 'include',
})
// Using jQuery
$.ajax({'url': url, 'xhrFields': {withCredentials: true}});

XMLHttpRequest cannot load https://b.com/somepage/. The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'https://a.com' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

When the following request is sent, the cookies are not sent and I get a preflight request:

// Using Ember fetch
fetch(url, {
  headers: {
      'Access-Control-Allow-Origin': 'https://a.com'
  },
  credentials: 'include',
})
// Using jQuery
$.ajax({
    'headers': {'Access-Control-Allow-Origin': 'https://a.com'},
    'url': url,
    'xhrFields': {withCredentials: true}
});

XMLHttpRequest cannot load https://b.com/somepage/. Response for preflight is invalid (redirect)

Access to my webpage goes Client (browser) -> SSO -> My page. If the cookie is present and valid, the SSO will authenticate and redirect the user. The cookie contains a token.
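
Both error messages above are about what b.com sends back, so here is an added example (not part of the original post, and not b.com's actual code) of a server-side CORS decision that names the exact origin for credentialed requests and answers preflights directly instead of redirecting them. ALLOWED_ORIGINS, corsDecision, handle and the allowed methods and headers are assumptions.

```javascript
// Added example: CORS policy on b.com for credentialed requests from a.com.
// ALLOWED_ORIGINS, corsDecision and handle are hypothetical names.
const ALLOWED_ORIGINS = new Set(['https://a.com']);

// Decide how to answer from the method and the lower-cased request headers.
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  const allowed = origin !== undefined && ALLOWED_ORIGINS.has(origin);
  // Vary: Origin keeps caches from serving one origin's answer to another.
  const headers = { 'Vary': 'Origin' };
  if (allowed) {
    // With credentials the browser rejects '*': name the exact origin.
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Credentials'] = 'true';
  }
  const preflight = method === 'OPTIONS' &&
    reqHeaders['access-control-request-method'] !== undefined;
  if (!preflight) {
    // Actual request: cookies are attached, so the SSO/app handles it.
    return { status: null, headers, passToApp: true };
  }
  // Preflights carry no cookies, so answer here with a final status instead
  // of letting the SSO redirect them (browsers reject redirected preflights).
  if (!allowed) return { status: 403, headers, passToApp: false };
  headers['Access-Control-Allow-Methods'] = 'GET, POST';
  // Access-Control-Allow-Origin is a response header; sent as a request
  // header it only makes the request non-simple, so it is not listed here.
  headers['Access-Control-Allow-Headers'] = 'Content-Type';
  headers['Access-Control-Max-Age'] = '600';
  return { status: 204, headers, passToApp: false };
}

// Node-style handler: `next` stands for the SSO-protected application.
function handle(req, res, next) {
  const d = corsDecision(req.method, req.headers);
  for (const [k, v] of Object.entries(d.headers)) res.setHeader(k, v);
  if (d.passToApp) return next(req, res);
  res.statusCode = d.status;
  res.end();
}
```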



