So in the meantime I replaced the authentication server by a simple JSP that's setting the response headers, just to be sure that there is no kind of magic leading to the problem:

    response.setHeader("Access-Control-Allow-Origin", "https://serverA.company.com");
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Headers", "...");
    response.setHeader("Access-Control-Expose-Headers", "...");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "86400");
    response.setHeader("Content-Type", "text/plain; charset=UTF-8");
    if ("OPTIONS".equals(request.getMethod())) {
        response.setStatus(200);
    } else {
        response.setHeader("WWW-Authenticate", "Basic realm=\"Realm\"");
        response.setStatus(401);
    }

As headers I specified the standard and non-standard request fields you can find on wiki.. way too much, but rather too much than too little 🙂 Also exposing everything and other options aren't necessary, but I tried to get it in a working state and reduce the options from there on.

The calling side is quite as simple:

    var request = new XMLHttpRequest();
    request.withCredentials = true;
    request.open("GET", "https://serverB.company.com/auth/index.jsp");
    request.send();

I switched the wildcard certificates to multi-domain ones including the two domains and rolled it out on both servers.

Result: Working in all browsers except Safari (or Chrome on iOS)...

Does anyone have a clue what might be wrong here or what's missing?
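The rules a browser applies to CORS response headers when a request is sent with `withCredentials = true`, as in the post above, written as a small checker. This is an added example, not part of the original post; the function and parameter names are hypothetical, and the header lists the post elides with "..." are left out of the sample.

```javascript
// Added example: checks a CORS response against the Fetch-spec rules that
// apply when the request carries credentials (withCredentials = true).
// Function and parameter names are hypothetical.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// Split a comma-separated header value into trimmed, non-empty tokens.
function tokens(value) {
  return (value || "").split(",").map((t) => t.trim()).filter(Boolean);
}

function checkCredentialedCors(req, resHeaders) {
  // Header names are case-insensitive, so normalise the keys first.
  const h = {};
  for (const [k, v] of Object.entries(resHeaders)) h[k.toLowerCase()] = v;
  const problems = [];

  const acao = h["access-control-allow-origin"];
  if (acao === "*") {
    problems.push("Allow-Origin is '*', which is rejected for credentialed requests");
  } else if (acao !== req.origin) {
    problems.push(`Allow-Origin '${acao}' does not equal Origin '${req.origin}'`);
  }
  // The value must be the exact, case-sensitive string "true".
  if (h["access-control-allow-credentials"] !== "true") {
    problems.push("Allow-Credentials is not exactly 'true'");
  }
  if (req.preflight) {
    // With credentials, '*' in these lists is a literal name, not a wildcard.
    const methods = tokens(h["access-control-allow-methods"]);
    if (!SAFELISTED_METHODS.has(req.method) && !methods.includes(req.method)) {
      problems.push(`method ${req.method} is not in Allow-Methods`);
    }
    const allowed = tokens(h["access-control-allow-headers"]).map((n) => n.toLowerCase());
    for (const name of req.headers || []) {
      if (!allowed.includes(name.toLowerCase())) {
        problems.push(`request header ${name} is not in Allow-Headers`);
      }
    }
  }
  return problems;
}

// Constructed sample: the headers from the post, with the elided lists left out.
const postHeaders = {
  "Access-Control-Allow-Origin": "https://serverA.company.com",
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Methods": "POST, GET, OPTIONS, DELETE",
};
console.log(checkCredentialedCors(
  { origin: "https://serverA.company.com", method: "GET" }, postHeaders)); // []
```

An empty result means the headers satisfy these header-level rules only; it says nothing about browser-specific handling of the 401 challenge or of cross-site credentials.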