Added missing CORS headers and xhrFields

This commit is contained in:
Danny Bessems 2019-06-19 10:34:31 +00:00
parent 6081e42d14
commit 5a2d3313e7
2 changed files with 5 additions and 0 deletions

View File

@ -31,6 +31,8 @@
}))[0]; }))[0];
if (($cookieDomain && (is_null($httpOrigin) || $originDomain)) && setcookie('JWT', $queryString['token'], (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) { if (($cookieDomain && (is_null($httpOrigin) || $originDomain)) && setcookie('JWT', $queryString['token'], (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}"); header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400');
header("HTTP/1.1 202 Accepted"); header("HTTP/1.1 202 Accepted");
exit; exit;
} }

View File

@ -43,6 +43,9 @@ console.log('CrossDomainLogin initiated');
XHR.push($.get({ XHR.push($.get({
url: "https://auth." + domain + "/lucidAuth.setXDomainCookie.php", url: "https://auth." + domain + "/lucidAuth.setXDomainCookie.php",
crossDomain: true, crossDomain: true,
xhrFields: {
withCredentials: true,
},
data: { data: {
ref: btoa(JSON.stringify({ ref: btoa(JSON.stringify({
action: 'login', action: 'login',