Angular is ignoring withcredentials #15805
Comments
|
@amineparis you need to pass it within https://angular.io/docs/ts/latest/api/http/index/Http-class.html#!#get-anchor |
|
does it change something the fact to send pure javascript object or RequestOptionsArgs ? |
|
No, Closing as not a bug nor feature. |
|
I am still stuck with the issue, with credentials is ignored I use Angular 4.x. I don't recieve cookies |
|
@amineparis can you show the code you use to create the request with |
|
@alxhub Here it is. I am depressed because of it :( +7 days full time trying to figure it out |
|
any heeeeeeeeelp +15 days full time working to figure it out, I am gonna fucking suicide because of it. I recieve cookies well when I make manual ajax request with withcredentials:true, that means the problem is not the server is that Angular 2 is not sending this option |
|
@amineparis -- as requested multiple times above, create a small sample demonstrating the problem; if you'd like help/support, submit a question to Stack Overflow, instead. |
|
it's Angular 2 problem everything is in place. it's a cross origin request. |
|
@amineparis Do you have access to the server code, you're trying to connect to? |
|
@antonyRoberts Yes I have. withCredentials are considered and cookies are recieved if I do native Jquery request to the same server. problem occures only when I call using Angular 2. the thing I need to debug the problem is how to know using google chrome for developers if withCredentials is true within a given request, I can't find any header field dedicated to that |
|
Any updates or good alternatives ideas to support cookie authentication ? |
|
@dannyhuly it's already working. Do you set const options = {}
options.withCredentials = true;
this.http.get(url, options) |
|
Sorry, the withCredentials works as intended. The cookie was set to "secure" and I didn't implement https. This issue should be closed. |
|
I'm in an Windows env. with NTLM, I got the same problem with CORS. I resolve it by removing headers from the options, it's feels like when adding headers, withCredentials gets overruled! I'm using http 4.3.1 Gives 401 Works: |
|
I have the same problem, withCredentials: true didn't working ! |
|
@Abdhafid Then help to provide a reproduction please. |
|
I upgrading from Angularjs to Angular 4, after authentication, I call WS spring to get a list of objects :
Using or not header/withCredentials, I have always 401 Unauthorized : |
|
|
I Can't reproduce my problem on http://plnkr.co (I must call Spring WS) |
|
You can call anything in Plunker within the internet. And if it's a CORS problem, then nothing should be related to Spring specifically. Actually from the conversation above it's quite clear they don't have a valid backend configuration, if you can reproduce the same backend, then we can tell you which part you did wrong. (Although that's not something should happen in this channel.) |
|
I belive the problem it's because I'm using proxy.conf.json |
|
withCredentials: true is working for GETs but not for POSTs. |
@breitling That's a clear evidence you don't have valid CORS setting, try add custom headers to GET or use |
|
Found the problem finally after 2 weeks of hard work, I was using localhost in front and 127.0.0.1 on back. Google chrome juged that it is not secure to share cookies (it is not the same host). Stupid browser :( |
|
@amineparis I have the same issue. How did you solve it ? |
|
it's explained on my last comment |
|
@amineparis, thanks a lot for your investigation and conclusion! |
|
I figure it out with the proxy. I can't call a post request with authorization header. |
(keep sending this option back to the server on any following request to keep "alive" your cookie)
Example: ExpressJS: (with some Cors options): |
|
Hi, I am still facing the issue. I tried like below but no luck. Could you please share your code. |
|
@harimada Hi! I'm using Angular 4.4.6. The new way for this Angular: req = req.clone({
withCredentials: true
});AuthInterceptor: import { Injectable } from '@angular/core';
import {HttpEvent, HttpHandler, HttpInterceptor, HttpRequest, HttpResponse, HttpErrorResponse} from '@angular/common/http';
import {Router} from '@angular/router';
import {Observable} from 'rxjs/Observable';
import 'rxjs/add/operator/do';
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
constructor(private router: Router) { }
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
req = req.clone({
withCredentials: true
});
return next
.handle(req)
.do(event => {
if (event instanceof HttpResponse) {}
}, (error: any) => {
if (error instanceof HttpErrorResponse) {
if (error.status === 401) {
this.router.navigate(['/login']);
}
}
});
}
}AppModule: import {NgModule} from '@angular/core';
import {BrowserAnimationsModule} from '@angular/platform-browser/animations';
import {BrowserModule} from '@angular/platform-browser';
import {JsonpModule} from '@angular/http';
import {HTTP_INTERCEPTORS, HttpClientModule} from '@angular/common/http';
import {AppComponent} from './app.component';
import {AppRoutingModule} from './app-routing.module';
import {CoreModule} from './core/core.module';
import {AuthInterceptor} from './core/services/auth-interceptor.service';
import {PageNotFoundModule} from './page-not-found/page-not-found.module';
@NgModule({
imports: [
BrowserAnimationsModule,
BrowserModule,
JsonpModule,
HttpClientModule,
CoreModule,
PageNotFoundModule,
AppRoutingModule
],
declarations: [
AppComponent
],
providers: [
{
provide: HTTP_INTERCEPTORS,
useClass: AuthInterceptor,
multi: true
}
],
bootstrap: [AppComponent]
})
export class AppModule {
} |
|
Hi,I have had the same problem.When I use Could you help me? |
|
I found if I don’t use local host in my url things work better…
Sent from Mail for Windows 10
From: ali
Sent: Saturday, February 17, 2018 12:19 AM
To: angular/angular
Cc: Bob Breitling; Mention
Subject: Re: [angular/angular] Angular is ignoring withcredentials (#15805)
Hi,i have the same problem.when I use this.http.get(this.accountUrl + 'ExternalLoginConfirmation', { withCredentials: true })
I get this error :
Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:4202' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
Could you help me?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
^ The most recent question is because the CORS is configured incorrectly. You can't set withCredentials: true AND have origins '*' in your CORS file. You have to be specific about which origins you want to allow credentials from. |
|
I was able to fix the 401 error code I was receiving from my rails server by adding the following line to my ApiController: class ApiController < ActionController::Base // Taken from http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html |
|
Guys, Notice that if you set a custom Authorization header (interceptor used for JWT for example) This is because under the hood, the request your browser sends actually already has a header, that you can not see on chrome developer tools for some reason. with Wire-shark however, you can sniff it: the moment you set your own custom header ( |
|
I'm using Angular 6 with a Spring Framework backend. I use the following options with HttpClient POST to login (successfully): All subsequent HttpClient GET work with: However, subsequent HttpClient POST fails, even with: The Spring Framework backend is configured correctly, as the initial POST and subsequent GETs work fine. Only subsequent POST fails. Any pointers appreciated. |
|
I'm stuck at the same issue. Angular is running on localhost:4200 and Jersey webservices at localhost:8080. The network panel of Chrome shows that the session cookie is added to the GET request, but when I submit a POST, the panel shows the preflight OPTION requests without cookie, which fail due to the missing cookie. Any pointers appreciated |
|
@Rhobal. Please check in web.xml if OPTIONS is placed in security constraints. If present remove that and try it will work. I too faced similar issue for post req For options request it will not send cookies |
|
@harimada thank you! Indeed, OPTIONS requests do not come with cookies as specified. Here is what worked for me:
|
|
welcome to angular, i suggest vuejs or reactjs :) Lets face it who the fuck likes typescript anyway.... |
|
i am working working angular 6 app , i need sent back cookies on each request for req validation from server side
**NOTICE HERE RequestOption is deprecated in *HTTPCLIENT (angular5 and above) But when we working with angular6 and above version app you need to use HttpClient (htttp is deprecated here) and there is a big problem how to sent *RequestOption in requst. I need to say really thanks to this man @inovozenko , best way to this with interceptors .thank u so much u saved myd day. |
|
Thanks in advance !! |
I am also facing same problem. How you got cookies? |
|
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
and others
I have more 3 days working to figure out why browser can't recieve cookies until I have found that Angular 2 is ignoring withCredentials:true. please fix it. this will save the life of many developers
The text was updated successfully, but these errors were encountered: