Reputation: 147
withCredentials dont belong to request header
Using xhr requests in chrome console with and without withCredentials xhrField shows the same request header attributes.
How withCredentials is mapped to request header ?
Typescript call (Angular 2) :
login(username : string, password : string) {
let data = {username: username, password: password}
return this.http.post(environment.apiEndpoint + 'login', data, { withCredentials: true })
.catch((error) => {
return Observable.throw(error.json());
});
}
Note: It's a cross origin call and I don't recieve cookies even if the server send them (set-cookie header field)
Upvotes: 0
Views: 1693
Answers (1)
Reputation: 21564
According to MDN:
The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.
It means that on cross-site request, it will add cookies, tls certificates and Authorization header, on same-origin request: nothing. It also allows X-site XHR to set cookies which is not the case usually.
Upvotes: 1
Related Questions
- Angular WithCredentials not working for POST, PUT
- angular2 xhrfields withcredentials true
- Cannot set Header Cookie in Angular even when passing withCredentials: true
- Error 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*', when header contains "withCredentials" with request
- Not able to send Username and Password in Angular http request headers
- Failed to execute 'setRequestHeader' on 'XMLHttpRequest': The object's state must be OPENED
- angular2 withCredentials = true fails on safari and IE
- Angular 2 GET withCredentials (to accept cookies from server)
- withCredentials AngularJS request POST error
- Request option "withCredentials" - Angular2