0

I've got a page, that on load event requests some service, but for it to work it has to share cookie set by that service (service authenticates through CAS). But due to different domain(and port if present) it doesn't work.

Is there any way to retrieve/read cookie? Although the page, that makes requests on load has most of the logic packaged in AngularJS. So maybe there is some issue with that then?

Thanks!

Eugene
  • 4,352
  • 8
  • 55
  • 79

1 Answers1

0

First step is to add the CORS HTTP headers to the remote service. This will allow AJAX to make the call to the remote service on a different domain and port. You'll need the Access-Control-Allow-Origin and Access-Control-Allow-Credentials specifically. The Allow-Origin will specific which domains are allowed to call this service remotely. Then Allow-Credentials will allow the authentication cookies to be dealt with.

After that's setup, you'll need to set the AJAX option withCredentials to true. That will tell Javascript to sent the cookies with the request. If that's happening inside AngularJS, take a look at AngularJS withCredentials.

Community
  • 1
  • 1
Steven V
  • 16,357
  • 3
  • 63
  • 76
  • What if `Access-Control-Allow-Origin` header must be used with value `'*'`? – Eugene May 14 '14 at 19:37
  • @Eugene Take a look at http://stackoverflow.com/questions/12001269/what-are-the-security-risks-of-setting-access-control-allow-origin which gives a decent summary of why using a wildcard isn't a smart idea in production. – Steven V May 14 '14 at 19:40
  • I'm not using it. It is designed, that way and changing it in current case is not an option. – Eugene May 14 '14 at 20:03