Reputation: 88337
Cookies not sent on OPTIONS requests
For an Angular 1 app I am working on, cookie authentication is used. The problem is: when making OPTIONS calls, cookies are not sent and the server tries to redirect user to login again. Just wondering, whose "fault" is it? Server (Azure API Apps) or frontend? If frontend, how do I send cookies on OPTIONS call? I am using augular-resource and have configured it as below:
$httpProvider.defaults.withCredentials = true
Upvotes: 14
Views: 13229
Answers (1)
Reputation: 944256
The specification says:
Otherwise, make a preflight request. Fetch the request URL from origin source origin using referrer source as override referrer source with the manual redirect flag and the block cookies flag set, using the method OPTIONS, and with the following additional constraints … Exclude user credentials.
The term user credentials for the purposes of this specification means cookies, HTTP authentication, and client-side SSL certificates that would be sent based on the user agent's previous interactions with the origin. Specifically it does not refer to proxy authentication or the Origin header.
So the client should not send cookies, and the server should be able to respond to the preflight request without requiring authentication to take place first.
Upvotes: 25
Related Questions
- Cookies in Set-Cookie are being ignored by browser
- Angular 2 cookie not set
- Cookies visible from HttpResponseMessage but not in Javascript
- Browser send the OPTIONS request does not bring the cookie to the server?
- $http doesn't send cookie in Requests
- Set-Cookie in Response Header not being created in browser - Using http POST
- Angular: Cookie is not created
- Send cookies in ajax angular
- Cookies in $http request
- angularJS read response cookie parameter empty