In the current project, fineuploader, a pure HTML5 upload component, is used. During the development process, the upload service is placed separately under a specific subdomain. The domain set by the login cookie is under the root domain, and user login detection is performed in the back-end code. I found that I was always redirected (302) to the non-logged-in page. After investigation, I found that it was caused by the ajax xhr request not containing cookies. After searching around on the Internet, I wrote
Native ajax request method:
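var xhr = new XMLHttpRequest();
xhr.open("POST", "http://xxxx.com/demo/b/index.php", true);
xhr.withCredentials = true; // support sending cookies cross-domain
xhr.send();

// jQuery equivalent
$.ajax({
    type: "POST",
    url: "http://xxx.com/api/test",
    // 'json', not 'jsonp': JSONP is loaded through a <script> tag instead of XHR,
    // so it is always a GET and xhrFields would be ignored
    dataType: 'json',
    xhrFields: { withCredentials: true },
    crossDomain: true,
    success: function () { },
    error: function () { }
});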
Server-side settings:
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Origin: http://www.xxx.com");
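The server-side settings above name exactly one origin, and a credentialed request requires that: the browser rejects a wildcard Access-Control-Allow-Origin once cookies are sent. The following added example (not code from the original post) shows, in JavaScript, how a server that serves several front-end origins can pick the header from an exact-match allowlist, next to a simplified model of the browser's check. The origins and function names are made up for illustration.

```javascript
// Added example, not from the original post. All origins are constructed placeholders.

// Exact origins (scheme + host + port) allowed to make credentialed requests.
const ALLOWED_ORIGINS = new Set(['http://www.example.test', 'http://upload.example.test']);

// Server side: choose the CORS headers for the request's Origin header.
// Unknown origins get no CORS headers, so the browser blocks the response.
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  if (typeof requestOrigin !== 'string' || !allowed.has(requestOrigin)) {
    return {};
  }
  return {
    'Access-Control-Allow-Origin': requestOrigin, // exact origin echoed back, never "*"
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // caches must not reuse this response for another origin
  };
}

// Browser side, simplified: a response to a withCredentials request is exposed
// to script only when both headers match exactly.
function browserExposesResponse(pageOrigin, headers) {
  const acao = headers['Access-Control-Allow-Origin'];
  const acac = headers['Access-Control-Allow-Credentials'];
  if (acao === '*') return false; // wildcard is rejected when credentials are sent
  return acao === pageOrigin && acac === 'true';
}

// Runs the server decision and the browser check for several constructed origins.
function demo() {
  const origins = [
    'http://www.example.test',            // allowlisted
    'http://www.example.test.evil.test',  // look-alike a prefix match would accept
    'http://evilexample.test',            // look-alike a suffix match would accept
    'null',                               // sandboxed iframe or file: page
  ];
  return origins.map((origin) => ({
    origin,
    exposed: browserExposesResponse(origin, corsHeadersFor(origin)),
  }));
}

console.log(demo());
```

The same decision maps onto the PHP `header()` calls above: emit them only when the request's Origin is in the allowlist, and add `Vary: Origin`.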
The back-end has been adjusted accordingly. Because the front-end involves fineuploader, I simply searched for the keyword withCredentials in its code, and then went to the official document to read it. There is a cors configuration: http://docs.fineuploader.com/api/options.html#cors
Add the following configuration to the configuration line and it will be ok
Js code
cors: {
    allowXdr: true, // not sure yet what this parameter is for
    expected: true,
    sendCredentials: true
}
After modification, the problem is solved.