When a page on the www.a.com domain uses Ajax to submit a request to the www.b.com domain, the browser does not allow it by default, because it violates the browser's same-origin policy. For the solution, see the author's blog post: http://www.cnblogs.com/anai/p/4227157.html
The problem discussed here is a different one. When a request is submitted to the www.b.com domain, the backend tries to attach cookie information to the response to tell the browser to save a cookie, but by default the browser does not create that cookie. The specific symptom is that the response carries a Set-Cookie response header with a value, and the browser shows that the cookie has been received, but the cookie cannot be found among the stored cookies. This happens because the cookie is being created by a cross-domain request. So what if we need the browser to create this cookie? For that you use the xhrFields setting, which configures the XMLHttpRequest object and is explained in the official documentation as follows:
"A map of fieldName-fieldValue pairs to set on the native XHR object. For example, you can use it to set withCredentials to true for cross-domain requests if needed."
This means that the setting is a set of key-value pairs used to configure the XHR object; for example, you can set withCredentials: true when a cross-domain request needs it.
So what does withCredentials: true mean?
This property tells the browser two things: 1. it is allowed to create cookies that come from a different domain, and 2. it is allowed to send those cookies with every cross-domain request.
This setting only takes effect if the backend permits it. If the backend allows the browser to send requests with credentials, it includes the "Access-Control-Allow-Credentials" response header with the value "true".
If this response header is not added, the browser will not hand the server's response body to the page that made the request.
So now we know how to create cookies across domains and send them on every cross-domain request. In short, the front end sets one ajax parameter, xhrFields: {withCredentials: true}. Some sources say you also need to set crossDomain: true, but in my testing it is not required. The backend adds "Access-Control-Allow-Credentials" to the response header, with the value "true".
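The two halves of this configuration, modelled as an added example that is not code from the original post: the headers a www.b.com backend returns for an allowlisted origin, and the checks the browser applies on the www.a.com side. The function names, the allowlist and the /login path are hypothetical; the client call in the comment uses jQuery's $.ajax.

```javascript
// Added example, not from the original post. Origins are constructed sample values.
// Front end on www.a.com (jQuery), shown for reference only:
//   $.ajax({ url: "http://www.b.com/login", xhrFields: { withCredentials: true } });

// Assumption: the only page origin the www.b.com backend trusts.
const ALLOWED_ORIGINS = new Set(["http://www.a.com"]);

// Backend (www.b.com): CORS response headers for one request's Origin header.
function corsHeadersFor(requestOrigin) {
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return {}; // unknown origin: no CORS headers, so the browser blocks the read
  }
  return {
    // For credentialed requests the origin must be named exactly; "*" is rejected.
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    // Stops a shared cache from replaying one origin's headers to another.
    "Vary": "Origin",
  };
}

// Browser: may the page's script read this cross-origin response?
function responseReadable(pageOrigin, withCredentials, headers) {
  const allowOrigin = headers["Access-Control-Allow-Origin"];
  if (!withCredentials) {
    return allowOrigin === "*" || allowOrigin === pageOrigin;
  }
  return allowOrigin === pageOrigin &&
         headers["Access-Control-Allow-Credentials"] === "true";
}

// Browser: Set-Cookie on a cross-origin XHR response is ignored unless the
// request was sent with withCredentials set to true.
function cookieStored(withCredentials) {
  return withCredentials === true;
}

// Combined view of one request from pageOrigin to the backend.
function outcome(pageOrigin, withCredentials) {
  const headers = corsHeadersFor(pageOrigin);
  return {
    cookieStored: cookieStored(withCredentials),
    responseReadable: responseReadable(pageOrigin, withCredentials, headers),
  };
}
```

Calling outcome("http://www.a.com", false) reproduces the symptom described above: the response is readable but the cookie is not stored. Browsers that default cookies to SameSite=Lax also need the cookie itself marked SameSite=None; Secure before it is sent on a cross-site request.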
The issue of creating cookies across domains in the browser