We have multilingual sites setup using a different domainname for each language. We also setup the admin ui so that the translate tab on a node opens up in a modal dialog. When you hit the "edit" for one of the translations, the node edit form is opened also in a modal dialog.
CORS is setup to allow all our domains, supportsCredentials is enabled, methods are POST,GET and OPTIONS. exposedHeaders has the 'X-Drupal-Ajax-Token'.
When the Ajax calls are made to open the node edit forms in the second dialog, the calls are made anonymous. The session token is not send.
Setup multilingual site with at least 2 languages.
Use different domain for each language.
Setup CORS as described above.
To solve this, ajax.js needs to configure extra options when doing the requests:
- crossDomain: true
- xhrFields: { withCredentials: true }
Check if this has any impact on other Ajax related stuff.
None
None
None
None
Kinda messed up with the branches in the original ticket 3338518, so started from fresh.
Needs work
11.0 π₯
Last updated
Left some comments
MAY need a change record as this seems like a change that could impact others.