Passing cookies with jquery ajax request from a different domain

Question

I'm building a greasemonkey script to make posting to craigslist a lot easier for our clients.

Basically the flow is this:

1. User logs into our system (established authentication cookies with asp.net)
2. User navigates to a section on our site called "CraigsList". If they have the greasemonkey script installed it automatically opens up craigslist in a new tab.
3. The greasemonkey script then does a request back to our site at http://mysite.com/services.asmx/GetListings to retrieve a list of available items to be posted to craigslist.

This is where it fails because the request to http://mysite.com/services.asmx/GetListings is not including any of the authentication cookies. I'm not sure if it doesn't include the cookies because the request originates from craigslist.org and not mysite.com or what. I know it's an authentication issue because looking at it in fiddler it returns a 302 and redirects to the login page.

Here is my request:

$.ajax({
    url: "http://mysite.com/services.asmx/GetListings",
    dataType: "json",
    type: "post",
    error: function(request, status, error) {
        console.log("an error occurred getting the data");
    },
    success: function(data) {
        console.log("got the data!!!");
    }
});

Any advice would be appreciated.

Answer 1

It would be an enormous security problem if there were a way for one domain to access browser cookies tagged with a different domain name. Maybe your Greasemonkey script can fish the cookies out of the browser's brain somehow, but if you're driving things by dropping code onto your page, the normal security rules are going to be enforced.