Post not yet marked as solved
Click to stop watching this thread.
You have stopped watching this post. Click to start watching again.
contentPostList.repliesup-voted.tooltip
Replied In
Safari not prompting for credentials
So in the meantime i replaced the authentication server by a simple jsp that's setting the response headers, just to be sure that there is no kind of magic leading to the problemresponse.setHeader("Access-Control-Allow-Origin","https://serverA.company.com" );
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Headers", "...");
response.setHeader("Access-Control-Expose-Headers", "...");
response.setHeader("Access-Control-Allow-Methods","POST, GET, OPTIONS, DELETE" );
response.setHeader("Access-Control-Max-Age", "86400");
response.setHeader("Content-Type", "text/plain; charset=UTF-8");
if("OPTIONS".equals(request.getMethod())) {
response.setStatus(200);
} else {
response.setHeader("WWW-Authenticate", "Basic realm=\"Realm\"");
response.setStatus(401);
}As headers i specified the standard and non-standard request fields you can find on wiki.. way too much, but rather too much than too little 🙂 Also exposing everything and other options aren't necessary, but i tried to get it in a working state and reduce the option from there onThe calling side is quite as simplevar request = new XMLHttpRequest();
request.withCredentials = true;
request.open("GET","https://serverB.company.com/auth/index.jsp");
request.send(); I switched the wildcard certificates to multi-domain ones including the two domains and rolled it out on both servers.Result: Working in all browsers except Safari (or Chrome on iOS)...Does anyone have a clue what might be wrong here or what's missing?