Skip to content

Instantly share code, notes, and snippets.

@foxnewsnetwork

foxnewsnetwork/rant.markdown

Created January 13, 2016 18:46
Show Gist options
  • Save foxnewsnetwork/009703d29a843453df19 to your computer and use it in GitHub Desktop.
Save foxnewsnetwork/009703d29a843453df19 to your computer and use it in GitHub Desktop.
Download ZIP
Browser Set-Cookie XHR put request
Raw
rant.markdown

Apparently xhr put (and patch) requests from browsers to remote servers ignore the response's Set-Cookie header. I don't know why browsers do this shit, but it's annoying as hell.

Remote Address:127.0.0.1:4000
Request URL:http://localhost:4000/api/sessions
Request Method:POST
Status Code:201 Created
Response Headers
view source
access-control-allow-credentials:true
access-control-allow-origin:http://localhost:4200
access-control-expose-headers:_apiv4_key
content-length:803
content-type:application/json; charset=utf-8
date:Wed, 13 Jan 2016 18:41:27 GMT
server:Cowboy
set-cookie:_apiv4_key=...

is okay, but change the method to put

Request Method:POST

Then all of a sudden the browsers don't bother to update the cookie for further upcoming xhr requests.

Be aware of this when building sessions, as you must no implement all updates to session via the post method.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment