4

Firefox send a cross-domain post with credentials, I can (using Charles - a proxy for HTTP debugging) see that the server is sending back the response… But Firefox isn't "letting me see it" (for lack of a better description).

For example, using the documented example:

>>> var invocation = new XMLHttpRequest();
>>> invocation.open('GET', 'http://localhost/~wolever/cookie.php', true);
>>> invocation.withCredentials=true;
>>> invocation.onreadystatechange = console.log;
>>> invocation.send()
http://img.skitch.com/20100113-bq3a4qb1ufn52331x18ce3c7xu.png
>>> invocation.responseText
""
>>> invocation.responseXML
null

However, Charles tells me that this request has, in fact, returned the expected response:

http://img.skitch.com/20100113-njakyu4xequ5e3cyfhfnyeatq5.png

Any idea what could be going wrong?

And, incase it helps: the same request without credentials returns data as it should.

Community
  • 1
  • 1
David Wolever
  • 148,955
  • 89
  • 346
  • 502
  • Just a wild guess, can you try replacing `localhost` by `127.0.0.1` in case some "special case" magic happens when using localhost? – Pekka Jan 13 '10 at 13:53

1 Answers1

8

This is from the bottom of the MDC section you linked to:

Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *.

I bet you missed this, it's hidden under a couple big example code blocks.

jbalogh
  • 96
  • 2