Bug #7022
openSitewide announcements should be displayed on, and dismissable from, mapped domains
0%
Description
Currently this can't be done because the AJAX request requires authorization, and cookies aren't sent cross-domain. One of the following things should happen:
- Figure out a way to set the CORS headers in such a way that cookies are sent between domains. This should be possible with withCredentials plus some custom Allow-Origin work, but it needs exploration.
- Figure out a way to ensure that mapped-domain authentication always sets the commons.gc.cuny.edu auth cookie, so that the native domain cookies can be used. See #1508.
- Don't use cookie auth for the AJAX request - could just generate a secret key, or try to implement oAuth2 or something like that.
- Have a catcher on the mapped domain (which would use the mapped cookies) and then use PHP to dismiss the notice using switch_to_blog(). This is the easiest, but makes the plugin less appealing for broader use.
Related issues