Cross-domain AJAX POST withCredentials and IE8+ compatibility

Question

I have a login setup for one of my sites where the user types their information into a login popup on the home page, which then submits the information back to a servlet and then receives a response back via JSON. The home page then proceeds to send the user to their profile page or alternatively displays an error (e.g., if username and password do not match).

$.ajax({
    dataType: 'jsonp',
    async: false,
    url: loginLocation,
    type: 'GET',
    crossDomain: true,
    cache: false,
    xhrFields: crossDomain ? {
        withCredentials: true
    } : {},
    data: ({'key1': value1, 'key2': value2, ..., 'keyN':'valueN'}),
    success: function(data){
        if (data && data.status && data.status == "success") {
            window.location = profileLocation;
        } else {
            errorHandler();
        }
    },
    error: errorHandler
});

I am looking to change this from a GET request to a POST in order to prevent arbitrary query strings being sent into the servlet. However, it appears that there are several considerations at play here with regards to how the solution ought to be laid out. It must:

• use POST instead of GET
• be a cross-domain request (the login page and the servlet are on different domains over both of which I have access/control)
• use the withCredentials parameter (the login functionality relies on the JSESSIONID cookie so this parameter is required)
• be compatible with IE8 and above

I have tried looking into cross-domain ajax requests that fit the above criteria, but the major sticking point seems to be the IE8/IE9 compatibility. Approaches such as easyXDM appear to be ambiguous as to support for these browsers (I have seen conflicting reports online as to how it works in IE8) and I don't want to run into the danger of realizing it won't work halfway through implementation.

So in short, is there a way to do cross-domain ajax requests using POST and with the withCredentials parameter, that is also compatible with IE8+? Is easyXDM an appropriate solution to this?

Answer 1

I was able to determine the solution to the above question by using the xdomain library (found at https://github.com/jpillora/xdomain) which overrides the request behavior to allow cross-domain ajax in IE8 and IE9. This involved setting up the proxy.html as shown in the example on the xdomain site as well as adding Access-Control-Allow-Origin and other related headers to the server response. This allows cross-domain ajax JSON POST requests using withCredentials in IE8+ per the criteria listed in the original post. It also allows cross-domain requests between HTTP and HTTPS.