Sending cookies with Cross Origin (CORS) request

Currently our application calls server agent with URLLoader+URLRequest ways. We sends requisite data and headers by attaching to URLRequest API.

Now the need came up to send something like this:

xhrFields: {
            withCredentials: true

I don’t found anything similar of a property xhrFields in URLRequest. The only close thing I found was using XMLHTTPRequest.withCredentials ( XMLHttpRequest: withCredentials property - Web APIs | MDN (

const xhr = new XMLHttpRequest();"GET", "", true);
xhr.withCredentials = true;

Do I really need to change our usage API from URLLoader to XMLHTTPRequest to send such property? Or, is there some way while we can continue to use our URLLoader+URLRequest ways?

Please, suggest.

As a follow-up to this, I learnt that we can send cookie by manipulating in request’s header; One may need to set urlRequest.manageCookies=false if testing on Windows ( - API Reference).

But I hit a roadblock when trying to test this on Windows, and if a named property “Cookie” adds to request’s header - it never sends. If I change the name slightly, i.e. “Cookie1” - it sends.

I’m not sure why is this, but I created an issue at OpenFL repository:
URLRequest fails to attach cookie by manipulating its header · Issue #2717 · openfl/openfl (

Still, instead of sending cookies manually, it could have been great if something like xmlHTTPRequest.withCredentials = true could be done with URLRequest call.

I can see that that Lime’s HTTPRequest has a withCredentials property. OpenFL’s URLLoader uses HTTPRequest internally, but it appears that URLLoader does not expose any way to modify the withCredentials property on the internal HTTPRequest.

1 Like

Yes, @joshtynjala . and that is why I opened this as one request - manageCookies does not withCredentials in HTTPRequest · Issue #2719 · openfl/openfl ( .

Currently, we manages to access the internal httpRequest.withCredentials of URLLoader but in hacky way, it’d be helpful if this can be access by default.