@cmanaha (Contributor) commented Jan 8, 2016

Additional xhrFields : { withCredentials: True} added to the connection

mobz added a commit that referenced this pull request Jan 11, 2016
Enabled xhrFields to pass the credentials on SSO authenticated environments
@mobz mobz merged commit 1dbcac4 into mobz:master Jan 11, 2016
@philipskokoh (Collaborator)

Thanks @sjuvonen for pointing out this issue.
I revert back the PR for now, will get back to address this issue later.

@nz commented Feb 18, 2016

withCredentials should be set to true only when actually using credentials.

Some more input on this: withCredentials is needed when you want to pass the entire session with cookies. For best results with CORS, you can do fine by setting an Authorization header, and leave withCredentials = false.

As an ES hosting provider, I definitely don't want people accidentally sending us their users' sessions over HTTP :-)

I helped build out CORS support on bonsai.io and definitely bumped my head on this a few times, happy to help support any efforts around it.
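
The distinction drawn in the comment above, as an added example that is not part of the pull request or of elasticsearch-head: a helper that builds `jQuery.ajax()` options with `withCredentials` off by default, an `Authorization` header for explicit credentials, and `withCredentials: true` only for a cookie/SSO session. The function names, the `auth.mode` values, the host and the rule of refusing credentials over plain HTTP are assumptions of this example.

```javascript
// Added example. buildAjaxOptions and the auth.mode values are hypothetical
// names, not elasticsearch-head code. Returns an options object for jQuery.ajax().
function basicAuthHeader(user, password) {
  const raw = user + ":" + password;
  // btoa() in browsers; Buffer fallback so the example also runs under Node.
  const b64 = typeof btoa === "function"
    ? btoa(raw)
    : Buffer.from(raw, "utf8").toString("base64");
  return "Basic " + b64;
}

function buildAjaxOptions(baseUrl, path, auth) {
  const url = new URL(path, baseUrl);
  const opts = {
    url: url.href,
    type: "GET",
    dataType: "json",
    headers: {},
    // Default: cookies and other ambient browser credentials are not sent.
    xhrFields: { withCredentials: false }
  };
  if (!auth) return opts; // anonymous cluster: nothing else to attach

  // Assumption of this example: never attach any credential to a cleartext URL.
  if (url.protocol !== "https:") {
    throw new Error("refusing to send credentials over " + url.protocol);
  }
  if (auth.mode === "header") {
    // Explicit credential, scoped to this request; withCredentials stays false.
    opts.headers.Authorization = basicAuthHeader(auth.user, auth.password);
  } else if (auth.mode === "session") {
    // SSO / cookie session: the only case that needs withCredentials. The server
    // must then answer with Access-Control-Allow-Credentials: true and a
    // specific (non-wildcard) Access-Control-Allow-Origin.
    opts.xhrFields.withCredentials = true;
  } else {
    throw new Error("unknown auth mode: " + auth.mode);
  }
  return opts;
}

// Constructed sample input (hypothetical host and credentials).
const sample = buildAjaxOptions("https://es.example.com:9200/", "_cluster/health",
  { mode: "header", user: "elastic", password: "s3cret" });
console.log(sample.headers.Authorization, sample.xhrFields.withCredentials);
```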
