Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

fix for cross site authentication #41

Merged
merged 1 commit into from

2 participants

@fredrocious

When using xhr transports, "cookie" may not already be in headers for preflight request.
If request needs cookies to be set/sent, that check will result in 'Access-Control-Allow-Credentials' not being set.

Also, at least in Chrome/Firefox, setting header to value of True will result in it not being detected properly and you'll get a Credentials flag is true, but Access-Control-Allow-Credentials is not "true" error. 'Access-Control-Allow-Credentials' needs to be set to 'true'

reference Automattic/socket.io-client#335

@mrjoes mrjoes merged commit cae7263 into mrjoes:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Dec 14, 2011
  1. @fredrocious
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 2 deletions.
  1. +1 −2  tornadio/polling.py
View
3  tornadio/polling.py
@@ -96,8 +96,7 @@ def preflight(self):
self.set_header('Access-Control-Allow-Origin',
self.request.headers['Origin'])
- if self.request.headers.has_key('Cookie'):
- self.set_header('Access-Control-Allow-Credentials', True)
+ self.set_header('Access-Control-Allow-Credentials', 'true')
return True
else:
Something went wrong with that request. Please try again.