I'm doing a cross-domain GET request from a 3rd party API that requires authentication. It works fine on Safari on OSX, but so far nowhere else (Chrome, Safari iOS, ..). In Chrome I get a 401 error (and the "A cookie associated with a cross site resource ... was set without the SameSite attribute" warnings).
My request:
$.ajax({
    url: "https://example.com/api",
    type: "GET",
    dataType: "json",
    crossDomain: true,
    xhrFields: {
        withCredentials: true
    },
    success: successCallback,
    error: errorCallback
});
My intent is to have this request sent from my client site, and it will be able to do API calls so long as the user has recently logged on to the 3rd party site and session cookies are present.
I've seen discussion about Chrome recently increasing the requirement for CORS to have certain cookie settings for SameSite. It's not clear to me if this is my problem, and if so, are there any workarounds?
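Added example, not part of the original question: a header audit for the two things a `withCredentials` request like the one above depends on, namely the CORS response headers and the `SameSite`/`Secure` attributes of the session cookie that the Chrome warning refers to. The function names, the `https://client.example` origin and the header values are hypothetical, constructed samples, not taken from the API in the question.

```javascript
// Parse one Set-Cookie header value into { name, attrs } with lower-cased attribute keys.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Return a list of reasons a credentialed cross-site XHR from pageOrigin would fail.
// headers: lower-cased response header names; "set-cookie" is an array of raw values.
function auditCredentialedCors(pageOrigin, headers) {
  const problems = [];
  const acao = headers["access-control-allow-origin"];
  if (acao === "*") {
    problems.push("Access-Control-Allow-Origin '*' is not accepted with credentials");
  } else if (acao !== pageOrigin) {
    problems.push(`Access-Control-Allow-Origin must be exactly ${pageOrigin}`);
  }
  if (headers["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials: true is missing");
  }
  for (const raw of headers["set-cookie"] || []) {
    const c = parseSetCookie(raw);
    const sameSite = String(c.attrs.samesite || "").toLowerCase();
    if (sameSite !== "none") {
      // Chrome treats an unset SameSite as Lax; Lax cookies are not sent on cross-site XHR.
      problems.push(`${c.name}: SameSite=${sameSite || "unset (Lax by default)"}, not sent cross-site`);
    } else if (!c.attrs.secure) {
      problems.push(`${c.name}: SameSite=None without Secure is rejected`);
    }
  }
  return problems;
}

// Constructed sample: headers a third-party login response might send.
const SAMPLE_HEADERS = {
  "access-control-allow-origin": "https://client.example",
  "access-control-allow-credentials": "true",
  "set-cookie": ["session=abc123; Path=/; HttpOnly"],
};
console.log(auditCredentialedCors("https://client.example", SAMPLE_HEADERS));
```

The cookie attributes are set by the third-party site, so a finding on the `set-cookie` lines has to be fixed on that side rather than in the `$.ajax` call.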