ajax call through cas

I need to write a google gadget that reads feeds from google groups. Trouble is I'm making an ajax 开发者_C百科call to retrieve the feeds and our google apps domain is protected by CAS (central authentication service). So, I'm getting a 400 bad request on making the call.

I suspect that the browser is not sending the cookie when making ajax call. How do I ensure that the cookie is also sent with the ajax call? OR if that's not supposed to be the problem, what do i need to do?

If you're making a plain-vanilla AJAX call (with jQuery, at least), the request will fail if the domain and subdomain both do not match. That is, if you're calling from app.mydomain.com to cas.mydomain.com, the request won't work.

In my testing the browser will send cookies along properly as you would expect, even on AJAX calls.

Also make sure that you're using the same protocol (HTTP or HTTPS) on both ends of the call (the app and the CAS server).

If you're using Firebug in Firefox, you should see the cookies being sent along with the request. If they're not showing up there, something else is likely going on that you'll have to dig up.

Here is a similar question that may be of benefit.

The JASIG CAS message list discusses using a JSESSIONID to overcome cross-domain ajax call restrictions.

I have a similar question asking if there are other approaches.

     $.ajax({  
            type: 'post',
            dataType: 'script',
            url:'/some url',
            data:{},
            beforeSend: function(xhr) {
            xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'));
            }

I have some problem like this thinking that cas not working with ajax, but i found that in rails 3 content attribute should be sent for post requests

May b you are facing the same thing. I've jst shared which get helped me out.