
I am currently having cookies set under localhost domain - I'll call it example.com (it isn't really example.com of course).

My API is at example.com:8888/api/myApi

When I request the above API from example.com:8080 via Ajax

(i.e. I go to example.com:8080 in my Chrome browser, and I have JS code which sends a request to example.com:8888/api/myApi),

my browser does not send any cookies. I see this in the Network tab of Chrome DevTools: I don't see any cookie under the Request Headers section.

On the other hand, if I open the same URL in another tab, with no other changes, all cookies are sent and I get a perfect response.

I do not think it could be a cross-origin issue, as I am already getting the following cross-origin related headers in the response:

```
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
```

Extra information:

My Ajax code:

```javascript
var httpRequest = new XMLHttpRequest();

httpRequest.onreadystatechange = function () {
    var data;
    if (httpRequest.readyState === 4) {
        if (httpRequest.status === 200) {
            if (httpRequest.response) {
                data = httpRequest.response;
            } else if (httpRequest.responseType && (httpRequest.responseType === '' || httpRequest.responseType === 'text')) {
                data = httpRequest.responseText;
            }
            if (args.dataType && args.dataType === 'json' && typeof data === 'string') {
                data = JSON.parse(data);
            }
            args.done(data, xdr);
        } else {
            args.fail(httpRequest);
        }
        args.always(httpRequest, data);
    }
};
httpRequest.open(args.type, fullUrl);
httpRequest.setRequestHeader('Content-Type', args.contentType);
httpRequest.responseType = args.dataType;
httpRequest.send();
```

For validation, a screenshot of my problem: Chrome DevTools screenshot

Sanuj
  • If your browser has cookies set for `example.com:8080` (from previous sessions) it will send them along when you open the URL via the address bar. If you request it from a different host however, which only works when you allow CORS, cookies are no longer sent along due to the very fact that you allowed CORS. In order to prevent this, you need to set `req.withCredentials = true;` where `req` is the XMLHttpRequest instance. –  Jun 12 '18 at 07:17
  • Possible duplicate of [Setting Cookies with CORS requests](https://stackoverflow.com/questions/36365409/setting-cookies-with-cors-requests) –  Jun 12 '18 at 07:17
  • If you use jQuery, see: https://stackoverflow.com/questions/8863571/cors-request-why-are-the-cookies-not-sent –  Jun 12 '18 at 07:19
  • Will a port change come under cross-origin? @ChrisG Because the same cookies are sent when I hit the same URL directly through the browser. The main domain for all three things (cookies, API and page) is the same, so it actually doesn't make sense to not send cookies when called via Ajax, but send them when hit directly by the user. – Sanuj Jun 12 '18 at 07:33
  • A different port is a separate origin, yes. Actively opening something via the address bar is very different from a website loading an arbitrary resource without your knowledge. –  Jun 12 '18 at 09:22
  • As per https://stackoverflow.com/questions/36365409/setting-cookies-with-cors-requests I added `withCredentials = true;` and the cookies were sent. Although with withCredentials we cannot use * in the Allow-Origin header. Should I delete this question? – Sanuj Jun 12 '18 at 09:36
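
The two rules the comments arrive at (a different port is a different origin, and a credentialed request cannot be answered with `Access-Control-Allow-Origin: *`) can be checked with a small model of the browser's decision. This is an added example, not code from the thread; the function names are hypothetical, the `http://` scheme is assumed, and it models a request that needs no preflight.

```javascript
// Added example. Cookie attributes (SameSite, Secure, Path) are not modelled.

// An origin is scheme + host + port, so :8080 and :8888 are different origins.
function originOf(url) {
  return new URL(url).origin;
}

function isCrossOrigin(pageUrl, requestUrl) {
  return originOf(pageUrl) !== originOf(requestUrl);
}

// Header names are case-insensitive; normalise before lookup.
function header(headers, name) {
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() === name.toLowerCase()) return String(v).trim();
  }
  return null;
}

// For one XHR: are cookies attached, and may page script read the response?
function checkCors(pageUrl, requestUrl, withCredentials, responseHeaders) {
  const origin = originOf(pageUrl);
  if (!isCrossOrigin(pageUrl, requestUrl)) {
    return { cookiesSent: true, readable: true, reason: 'same-origin' };
  }
  const acao = header(responseHeaders, 'Access-Control-Allow-Origin');
  const acac = header(responseHeaders, 'Access-Control-Allow-Credentials');
  if (!withCredentials) {
    // XHR default: cross-origin requests go out without cookies.
    const ok = acao === '*' || acao === origin;
    return { cookiesSent: false, readable: ok,
             reason: ok ? 'anonymous CORS allowed' : 'origin not allowed' };
  }
  // Credentialed: the server must echo the exact origin and opt in explicitly.
  if (acao === '*') {
    return { cookiesSent: true, readable: false,
             reason: 'wildcard origin rejected for credentialed request' };
  }
  if (acao !== origin) {
    return { cookiesSent: true, readable: false, reason: 'origin not allowed' };
  }
  if (acac !== 'true') {
    return { cookiesSent: true, readable: false,
             reason: 'Access-Control-Allow-Credentials: true missing' };
  }
  return { cookiesSent: true, readable: true, reason: 'credentialed CORS allowed' };
}
```

In the credentialed cases the server still receives and processes the request with cookies even when the browser withholds the response from script, so the API should only echo origins it trusts rather than reflecting whatever `Origin` header arrives.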
