MicrosoftEdge-Extensions icon indicating copy to clipboard operation
MicrosoftEdge-Extensions copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Extension making AJAX requests doesn't get authentication cookies appended

Open eadan-y opened this issue 2 years ago • 5 comments

On edge, when a user is logged in to his identity provider (Azure AD), an ajax request to the IDP URL from an extension gets rejected as if the user is not logged in. Making the same request from a webpage, works as expected. To my understanding, it has something to do with the PRT mechanism. If Edge wouldn't wrap the identification by itself, making requests to the IDP from the extension would just work - because it is based on cookies. But when Edge is managing the process - the cookies are not saved to the domain. Instead, they are appended to each network request created by the web page. Why isn't the same mechanism apply for requests created by the Extension? Can we get ajax requests to the IDP work? We need a way to get "inside" the PRT mechanism

eadan-y avatar Jun 22 '22 10:06 eadan-y

This issue is being tracked and it's currently in our backlog.

nagachaitanyalokam avatar Aug 19 '22 06:08 nagachaitanyalokam

@nagachaitanyalokam Any progress on this? We also faced this issue.

joesh36 avatar Nov 07 '22 16:11 joesh36

Hi @joesh36, @nagachaitanyalokam isn't working anymore with us now. I will look into it & keep you posted.

sivsouvamMSFT avatar Nov 08 '22 05:11 sivsouvamMSFT

Hey @sivsouvamMSFT, any news about this one?

eadan-y avatar Dec 04 '22 14:12 eadan-y

Hi @eadan-y, the issue is being tracked. It's on our backlog. I will be sharing updates on it soon.

sivsouvamMSFT avatar Dec 06 '22 07:12 sivsouvamMSFT