From 39b171e3504d4dc8b4bc3b01d9b52d719b76f8a2 Mon Sep 17 00:00:00 2001
From: Iury Lazoski
Date: Fri, 22 Apr 2016 14:45:10 -0300
Subject: [PATCH] Sending cookie data in payload when requested

XDomainRequest is limited and won't send any headers. It's now possible to send cookie data in payload (away from sniffers) using POST request and setting sendCookieInPayload in jQuery ajax options to true. Some extra code will be needed in the REST endpoint to turn this data useful.
---
 jQuery.XDomainRequest.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/jQuery.XDomainRequest.js b/jQuery.XDomainRequest.js
index 071cbf8..de8f015 100644
--- a/jQuery.XDomainRequest.js
+++ b/jQuery.XDomainRequest.js
@@ -34,6 +34,12 @@ $.ajaxTransport('* text html xml json', function(options, userOptions, jqXHR) {
 return;
 }
 
+ // XDomainRequest does not send any headers, so we are sending cookie data in payload when credentials are requested
+ if(options.type === 'POST' && options.sendCookieInPayload && options.xhrFields.withCredentials) {
+ userOptions.data = userOptions.data || {};
+ userOptions.data.cookie = document.cookie;
+ }
+
 var xdr = null;
 
 return {
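Review bot: `userOptions.data.cookie = document.cookie` puts every script-readable cookie of the page's origin into the body of a cross-origin POST, not just the value the endpoint needs, and it writes that string into the caller's own `data` object, where it stays if the object is reused for another request or logged. The condition also reads `options.xhrFields.withCredentials` without checking that `xhrFields` is set, so a POST that passes `sendCookieInPayload` without `xhrFields` would throw, and a `data` value that is already a string cannot carry the added property. I would guard with `options.xhrFields && options.xhrFields.withCredentials`, build a copy for object data (`userOptions.data = $.extend({}, userOptions.data, { cookie: value })`, assuming the code after the hunk reads `userOptions.data`), and let the caller name which cookie to forward instead of sending the whole string. The new comment should also say that the body is protected only when the page and endpoint use HTTPS, and that the receiving endpoint must treat the field as a credential and keep it out of request logs. The transport callback starts and ends outside this hunk.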