Added missing CORS headers and xhrFields

2019-06-19 10:34:31 +00:00 · 2019-06-19 10:34:31 +00:00 · 5a2d3313e7
parent 6081e42d14
commit 5a2d3313e7
2 changed files with 5 additions and 0 deletions
--- a/public/lucidAuth.setXDomainCookie.php
+++ b/public/lucidAuth.setXDomainCookie.php
@ -31,6 +31,8 @@
                    }))[0];
                    if (($cookieDomain && (is_null($httpOrigin) || $originDomain)) && setcookie('JWT', $queryString['token'], (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
                        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+                        header('Access-Control-Allow-Credentials: true');
+                        header('Access-Control-Max-Age: 86400');
                        header("HTTP/1.1 202 Accepted");
                        exit;
                    }
--- a/public/misc/script.index.js
+++ b/public/misc/script.index.js
@ -43,6 +43,9 @@ console.log('CrossDomainLogin initiated');
                            XHR.push($.get({
                                url: "https://auth." + domain + "/lucidAuth.setXDomainCookie.php",
                                crossDomain: true,
+                                xhrFields: {
+                                    withCredentials: true,
+                                },
                                data: {
                                    ref: btoa(JSON.stringify({
                                        action: 'login',