#TIL : Sending Cookie in AJAX CORs request

Mar 1, 2018 4 mins read 8d4302659

By default, browser will remove the cookie and authorization header from AJAX CORs request. So before sending out the request, make sure withCredentials must be true.

In this case, CORs response must specify which origin is allowed (mean no wildcard allowed origin rule).

comments powered by Disqus