I have a JS client (app.domain.com) that connects to an API written in Rails and Grape (api.domain.com). CORS is configured, and I have a common cookie between the two domains, since the login is done on the api.domain.com server.
This JS application uses Spine.js, so everything is written in CoffeeScript. Therefore, to send a deletion request, I simply use:
    @item.destroy
This will send a DELETE request to the API. However, the cookie is not sent along with the request header, so I had to change the above line of code to this:
    $.ajax({
      url: "http://api.domain.com/tasks/" + @item.id,
      type: "DELETE",
      crossDomain: true,
      xhrFields: {
        withCredentials: true
      }
    })
And it works great. It will send an “Access-Control-Allow-Credentials: true” response request for the cookie to be sent and the action authenticated.
, , , , Spine.
, ajax jQuery, - . :
    jQuery.ajaxSetup({
      headers: {
        "X-Requested-With": "XMLHttpRequest",
        "Access-Control-Allow-Credentials": "true"
      },
      crossDomain: true
    });
, ajax .
, , API ( firebug).
- ?
!
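An added example, not part of the original post: a model of the header exchange behind a credentialed cross-origin DELETE, showing which side sets Access-Control-Allow-Credentials and what the browser checks when withCredentials is true. The allowlist, the function names and the listed methods are assumptions made for illustration; they are not the API's actual configuration.

```javascript
// Added example. Names and the allowlist are assumptions for illustration.
const ALLOWED_ORIGINS = new Set(["http://app.domain.com"]); // explicit allowlist

// Server side: CORS *response* headers for a request carrying `origin`.
function corsResponseHeaders(origin, method) {
  if (!ALLOWED_ORIGINS.has(origin)) return {}; // unknown origin: no CORS headers
  const headers = {
    // With credentials the origin must be echoed exactly; "*" is rejected.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // keeps caches from reusing this for another origin
  };
  if (method === "OPTIONS") {
    // Preflight: DELETE and every non-safelisted request header the client
    // adds (here X-Requested-With) must be listed explicitly.
    headers["Access-Control-Allow-Methods"] = "GET, POST, DELETE";
    headers["Access-Control-Allow-Headers"] = "X-Requested-With";
  }
  return headers;
}

// Browser side: check applied to any response when withCredentials is true.
function browserAcceptsCredentialed(origin, responseHeaders) {
  const allowOrigin = responseHeaders["Access-Control-Allow-Origin"];
  if (allowOrigin === "*") return false;    // wildcard is invalid with cookies
  if (allowOrigin !== origin) return false; // must equal the page's origin
  return responseHeaders["Access-Control-Allow-Credentials"] === "true";
}

// Browser side: does the preflight response permit `method`?
function preflightAllows(method, responseHeaders) {
  const listed = (responseHeaders["Access-Control-Allow-Methods"] || "")
    .split(",").map((m) => m.trim());
  return listed.includes(method);
}

// Full flow for a credentialed DELETE: the preflight, then the real response.
function credentialedDeleteSucceeds(origin) {
  const preflight = corsResponseHeaders(origin, "OPTIONS");
  if (!browserAcceptsCredentialed(origin, preflight)) return false;
  if (!preflightAllows("DELETE", preflight)) return false;
  return browserAcceptsCredentialed(origin, corsResponseHeaders(origin, "DELETE"));
}
```
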