Skip to content

Commit e37f18a

Browse files
SvishSvish
committed
Updated cookie section in README.md
1 parent 76d2fd5 commit e37f18a

File tree

1 file changed

+21
-14
lines changed

1 file changed

+21
-14
lines changed

README.md

Lines changed: 21 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -69,11 +69,11 @@ Usage with jQuery
6969

7070
``` JAVASCRIPT
7171
$.ajax({
72-
url: 'proxy.php',
73-
cache: false,
74-
headers: {
75-
'X-Proxy-URL': 'http://example.com/api/method',
76-
},
72+
url: 'proxy.php',
73+
cache: false,
74+
headers: {
75+
'X-Proxy-URL': 'http://example.com/api/method',
76+
},
7777
})
7878
```
7979

@@ -124,12 +124,12 @@ Security
124124
The hostname of the referer is checked, but can be easily spoofed, so the whitelist array should be put to good use. Fill it with any number of the following types of criterias:
125125

126126
- Exact paths
127-
`['http://example.com/api/specific-method']`
127+
`['http://example.com/api/specific-method']`
128128
- Array with single regex key
129-
`['regex' => '%^http://example.com/api/%']`
129+
`['regex' => '%^http://example.com/api/%']`
130130
- Array with any [parse_url](http://php.net/manual/en/function.parse-url.php) components to match
131-
`['host' => 'example.com']`
132-
`['host' => 'example.com', 'scheme' => 'https']`
131+
`['host' => 'example.com']`
132+
`['host' => 'example.com', 'scheme' => 'https']`
133133

134134
The requested URL must match at least one of the whitelisted criterias to be accepted, otherwise a 403 will be returned. The whitelist can also be set to an empty array to allow any URLs.
135135

@@ -159,13 +159,20 @@ CrossOriginProxy::proxy([
159159
Cookies
160160
---
161161

162-
Cookies sent to the proxy will be ignored, since the browser will send the ones meant for the domain of the proxy, and not the cookies meant for the proxied resource. So, if a request requires a certain cookie set, for example a session id, you can set the `X-Proxy-Cookie` header which is then used as `Cookie` header by the proxy.
162+
Cookies sent to the proxy will be ignored, since the browser will send the ones meant for the domain of the proxy, and not the cookies meant for the proxied resource.
163+
164+
If a request needs a cookie set, for example a session id, you can set the `X-Proxy-Cookie` header which will then be used as `Cookie` by the proxy.
165+
166+
Similarly, any `Set-Cookie` header in the response would be eaten by the browser and not accessible, so the proxy renames any `Set-Cookie` header to `X-Proxy-Set-Cookie`.
163167

164168
``` JAVASCRIPT
165169
$.ajax({
166-
url: 'https://example.com',
167-
headers: {
168-
'X-Proxy-Cookie': 'jsessionid=AS348AF929FK219CKA9FK3B79870H;',
169-
},
170+
url: 'https://example.com',
171+
headers: {
172+
'X-Proxy-Cookie': 'jsessionid=AS348AF929FK219CKA9FK3B79870H;',
173+
},
174+
success: function(data, status, jqXHR) {
175+
var cookie = jqXHR.getResponseHeader('X-Proxy-Set-Cookie');
176+
}
170177
})
171178
```

0 commit comments

Comments
 (0)