Cookie Header in PhoneGap: Refused to set unsafe header “Cookie”

栀梦 2020-12-17 18:47

I'm developing a PhoneGap application that communicates with a secure .net server. The issue is, I can't seem to pass along any Cookies with any request (W3C).

Th

1 answer
  • 2020-12-17 19:35

    The short answer is no, you can't set the Cookie header. The reason for this is that Chrome is your User Agent, so it is required by the HTTP specification to disallow modifications to headers which have security implications.

    One solution would be to perform an action that allows the server to set the cookie on your XMLHttpRequest object. You say you're already trying to do this but it's not working. I suspect that's because you need to set withCredentials on your ajax request. Add the xhrFields attribute, as follows.

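    var token;
    var success = false; // declared so the callback does not create an implicit global
    $.ajax({
        url: "https://server.com/AuthService/api/account/login",
        crossDomain: true,
        // Send and accept cookies on this cross-origin request
        xhrFields: {withCredentials: true},
        type: 'post',
        async: false,
        data: {
            username: "username",
            password: "password"
        }
    }).done(function(response) {
        // The login response carries the token; any Set-Cookie is stored by the browser itself
        token = response.securityToken;
        success = true;
    });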
    

    Now as long as the responding server doesn't send a wildcard as its CORS allowed domains (Access-Control-Allow-Origin), you should receive the cookie.

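The two browser rules the answer above relies on, as an added example that is not part of the original answer: script code may not set forbidden request headers such as Cookie, and a response to a `withCredentials` request is only exposed if it passes the CORS check defined in the Fetch standard. The header list is a subset of that standard's list, and `https://app.example`, the `headers` object shape and the sample responses are constructed for illustration.

```javascript
// Added example: models the browser-side checks; it does not send any request.
// Subset of the Fetch standard's forbidden request-header names (lowercased).
const FORBIDDEN = new Set(["cookie", "cookie2", "host", "origin", "referer",
  "content-length", "connection", "date", "expect", "te", "trailer",
  "transfer-encoding", "upgrade", "via", "keep-alive", "dnt",
  "accept-charset", "accept-encoding",
  "access-control-request-headers", "access-control-request-method"]);

// True when page script is not allowed to set this header via setRequestHeader().
function isForbiddenRequestHeader(name) {
  const n = name.toLowerCase();
  return FORBIDDEN.has(n) || n.startsWith("proxy-") || n.startsWith("sec-");
}

// CORS check on a response. `headers` is a plain object of response headers
// (hypothetical shape for this example). Returns { ok, reason }.
function corsCheck(requestOrigin, withCredentials, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) return { ok: false, reason: "no Access-Control-Allow-Origin" };
  if (allowOrigin === "*") {
    return withCredentials
      ? { ok: false, reason: "wildcard origin not allowed with credentials" }
      : { ok: true, reason: "wildcard, no credentials" };
  }
  if (allowOrigin !== requestOrigin) return { ok: false, reason: "origin mismatch" };
  if (!withCredentials) return { ok: true, reason: "origin match" };
  // The value must be exactly the lowercase string "true".
  return h["access-control-allow-credentials"] === "true"
    ? { ok: true, reason: "origin match with credentials" }
    : { ok: false, reason: "Access-Control-Allow-Credentials is not true" };
}

// Constructed sample responses to a request sent from ORIGIN.
const ORIGIN = "https://app.example";
const samples = [
  { "Access-Control-Allow-Origin": "*" },
  { "Access-Control-Allow-Origin": ORIGIN },
  { "Access-Control-Allow-Origin": ORIGIN, "Access-Control-Allow-Credentials": "true" },
];
for (const s of samples) console.log(JSON.stringify(s), corsCheck(ORIGIN, true, s));
```

Only the third sample passes for a credentialed request: the server has to echo the exact origin and also send `Access-Control-Allow-Credentials: true`.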