We use cookies to give you the best experience on our website. If you continue to browse, then you agree to our privacy policy and cookie policy.
I have implemented the suggestions found here in this thread:
https://www.syncfusion.com/forums/155742/adding-jwt-to-saveurl-http-post
But I am getting a message output into my browser window:
Refused to set unsafe header "Cookie"
I am attaching the ASP.NET Identity cookie and passing it to the controller as the domain name is the same across my applications. I am also doing this with other controllers in my application currently.
It appears I have to set withCredentials = true but I am not seeing how to do this. Any suggestions/guidance here would be appreciated.
Hi Mike-E,
We have validated your requirement with the same code example which is your referenced forum. But we cannot replicate the reported issue from our end. we have attached a validated sample in the attachment.
If still, you have faced the same issue, please update the below details.
Whether you have used our uploader in the server-side or client-side application?
Update the exact Syncfusion package version details.
If you have faced the issue in any specific browser, then update the browser details.
These details will help us to provide an exact solution as earlier as possible.
Regards,
Sureshkumar P
Thank you very much for your reply Sureshkumar, and for making the solution. Note that the problem is when you do the following:
args.CurrentRequest = new List<object>
{
new
{
Cookie = "hello=world",
}
};
Authorization works, but Cookie does not. Please confirm.
Mike-E,
You get that error from Chrome because, per the XHR specification, the setRequestHeader method should not set headers with a forbidden header name.
Forbidden header name list documentation: https://fetch.spec.whatwg.org/#forbidden-header-name
To know more about this issue, please refer to the common forum link here: https://social.msdn.microsoft.com/Forums/vstudio/en-US/74b23df2-15ab-40d2-adf9-8af5cae654e2/refused-to-set-unsafe-header-cookie?forum=netfxjscript
Regards,
Sureshkumar P
Thank you for your further reply Sureshkumar. That might be the default functionality, but as I mentioned in my original post, this can be overridden with withCredentials = true:
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials
We cannot be overridden the issue by using withCredentials = true. To know more about this please refer to the below stack overflow link:
Hi Sureshkumar note that the link you provided is for node.js, whereas the context and links that I have provided are for in the browser.
Additionally, please note that even though the link you provided is for node.js, it too also offers an override (setDisableHeaderCheck(true)) as denoted by one of the answers:
https://stackoverflow.com/a/15267262
So while the original behavior does not support cookies, they can be overridden in both the browser and node.js with overrides. However, in the case of the browser, it would seem that Syncfusion's File Upload control does not provide the functionality to do so at the moment.
Based on your shared information, we have validated your reported requirement from our end. We will update you with further details in one business day (April 8th,2022).
Thanks for your shared information. We have confirmed the reported issue is an issue at our end and this fix will be included in our upcoming patch release, which is expected to be rolled out on April 26th,2022.
You can track the status of this issue from the below feedback.
Feedback: https://www.syncfusion.com/feedback/34077
Disclaimer: Inclusion of this solution in the weekly release may change due to other factors including but not limited to QA checks and works reprioritization
Great, thank you so very much @Sureshkumar & team!
Most welcome, we are glad to assist you.
