Wednesday, December 18, 2013

Third party calls (CORS), cookies and more...

1. Cookies set from the parent domain are by default not sent to the third party domain in xhr calls even if they from the common parent.

e.g. and

withCredential = true does the trick

2. Cookies set by the third party domain are not set on the client. The client ignores those headers.

No comments: