Hi, > I don't know much about CORS. If you make a login call in order to > authenticate the user and the server you call with the login is on a > different domain, how do you get the transaction to happen if > withCredentials are false?
The server sets an Access-Control-Allow-Origin header to allow cross domain calls. This by default this doesn’t pass credentials / cookies. In the login case the user credentials are likely passed in a URL query string (i.e. as form variable). Think of your classic login name and password form. It's only future requests that require the users authorisation cookie(s) to be passed on and that requires withCredentials set to true. Thanks, Justin
