CORS withCredentials XHR preflight not posting Cookies in Firefox

Question

I\'m trying to do a CORS XHR post w/ credentials. It works great in Chrome, but not in Firefox. The cookies are not present in the pre-flight request headers, and so I\'m seei

Answer 1

Per spec at https://www.w3.org/TR/cors/#resource-preflight-requests the preflight request never includes cookies. Specifically, the spec says:

• Exclude user credentials.

and that links to https://www.w3.org/TR/cors/#user-credentials which says:

The term user credentials for the purposes of this specification means cookies, HTTP authentication, and client-side SSL (...).

That said, the code snippet you quote above shouldn't involve a preflight at all: there are no upload event listeners, the method is as simple method, and there are no author headers set. So if you're really seeing a preflight request, the first question is why that's happening. Do you have any extensions in Firefox that might be munging your XMLHttpRequest object?