My phonegap app communicates with django, so I use the method described in the following article to capture and send csrftoken:
This has been working till iOS 10.3. In iOS 10.3, the ajax call gets all response headers except Set-Cookie. I tried adding xhrFields: {withCredentials: true} and crossDomain: true but it makes no difference.
Here is the request to get the csrftoken:
$.ajax({beforeSend: function(xhr) {xhr.withCredentials = true;},
type: "GET",
url: 'url',
xhrFields: {withCredentials: true},
crossDomain: true,
success: function(data, textStatus, xhr) {
// returns cookie in any iOS except the latest iOS 10.3
document.cookie = xhr.getResponseHeader("Set-Cookie");
},
});
The same code works fine in iOS 10.2 and we can save the csrftoken from "Set-Cookie" header for later use.
iOS 10.3 somehow prevents this "Set-Cookie" response header from appearing in the xhr object, thus we cannot get the csrftoken from server and any subsequent POST action will be forbidden.
Please advise, thank you!
1516
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
