Hello, I would like to understand whether the following is valid Firefox behavior or I am missing something.
Initial user action

1. User requests http://domainA.com/login
2. domainA serves the Login page from http://domainA.com
3. User POSTs the login credentials to http://domainB.com via an Ajax request. CORS is turned on by making xhr.withCredentials = true.
4. domainB.com is configured to respond to CORS requests from domainA.com.
5. A successful response is received (200). A cookie is set for domainB.com.

Followup action by the user

6. Now the user manually initiates an Ajax request to another resource in domainA: http://domainA.com/myHome
7. domainA does not find a login cookie for domainA yet. So, domainA returns a 302 for a "loginValidation" resource on domainA itself.
8. Firefox transparently follows the 302 to the loginValidation resource.
9. As a response to the domainA/loginValidation request, domainA responds with another 302, but this time to a loginValidation resource on domainB.
10. Firefox does NOT follow this 302.

In this whole process, the cross-domain headers were present only for the first request.

How do I make Firefox follow the 302 in the 10th step? Any ideas?

I have tried to make sense of the MDN CORS Material <https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS> as well as the CORS Spec <http://www.w3.org/TR/cors/>. But I could not get specific confirmation of this behavior or help on changing it.
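
Added example, not part of the original post: a model of steps 6-10, assuming the browser applies the CORS check the Fetch Standard defines to every response once a redirect chain leaves the page's origin. The function names, the hop list and the header values are constructed for illustration.

```javascript
// Added example (not from the original post): the Fetch Standard's CORS check
// applied to each response in a redirect chain. Header maps use lowercase keys.
const originOf = (url) => new URL(url).origin; // serialized origins are lowercase

function corsCheck(headers, origin, withCredentials) {
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) return 'missing Access-Control-Allow-Origin';
  if (!withCredentials && acao === '*') return null;
  if (acao !== origin) return `Access-Control-Allow-Origin "${acao}" does not match "${origin}"`;
  if (withCredentials && headers['access-control-allow-credentials'] !== 'true')
    return 'missing Access-Control-Allow-Credentials: true';
  return null;
}

// hops: [{ url, headers }] in request order. Returns { ok, failedAt, reason }.
function checkRedirectChain(pageUrl, withCredentials, hops) {
  const pageOrigin = originOf(pageUrl);
  let origin = pageOrigin; // value the browser sends in the Origin header
  let cors = false;        // sticky: set once the chain leaves pageOrigin
  for (let i = 0; i < hops.length; i++) {
    const here = originOf(hops[i].url);
    if (i > 0) {
      const prev = originOf(hops[i - 1].url);
      // A foreign origin redirecting to yet another origin taints Origin to "null".
      if (here !== prev && prev !== pageOrigin) origin = 'null';
    }
    if (here !== pageOrigin) cors = true;
    if (cors) {
      const reason = corsCheck(hops[i].headers, origin, withCredentials);
      if (reason) return { ok: false, failedAt: i, reason };
    }
  }
  return { ok: true, failedAt: -1, reason: null };
}

// Constructed hops for steps 6-10 of the post (header values are assumptions).
const chain = (domainBHeaders) => [
  { url: 'http://domainA.com/myHome', headers: {} },
  { url: 'http://domainA.com/loginValidation', headers: {} },
  { url: 'http://domainB.com/loginValidation', headers: domainBHeaders },
];
const bare = checkRedirectChain('http://domainA.com/login', true, chain({}));
const fixed = checkRedirectChain('http://domainA.com/login', true, chain({
  'access-control-allow-origin': originOf('http://domainA.com/'),
  'access-control-allow-credentials': 'true',
}));
console.log(bare, fixed);
```

In this model the two same-origin 302s from domainA need no CORS headers; the first response that must carry them is the one from domainB, and with credentials a wildcard `Access-Control-Allow-Origin` is not accepted.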
