Authentication to custom dataserver with Cookie - This may save someone else some debugging time.

[angelikaSajani]

I've just successfully implemented (in principle, refinements pending) a TerriaMap adaptation where the user can login and subsequent requests to our data server are authenticated with a session cookie. There were several hurdles along the way, the last one was to convince the browser to send the cookie along when requesting files.

The solution was hidden somewhere within Cesium: Cesium has a concept of 'trusted servers', and you need to add your server to that list before cookies are sent.

What you need to do:
`
import TrustedServers from "terriajs-cesium/Source/Core/TrustedServers";

TrustedServers.add(<yourServersHostname>, <yourServersPortNumber>);
`

Explanation: Cesium uses the XMLHttpRequest api to fetch files, and in order to send cookies the withCredentials option needs to be set to true. This only happens if the url's host is listed in TrustedServers.
This may be obvious to lots of you, but it wasn't to me, and I hope this saves somebody else some time and grey hair :)

Feature suggestion: make the list of trusted servers configurable similar to "allowProxyFor". Or at least document this somewhere for dummies like me, please.

[nf-s]

Thanks @angelikaSajani - this is a great tip for everyone 🙂

[angelikaSajani]

As an additional tip: removing those servers from the trusted list when the user logs out acts as an additional safe-guard against data being accessed unlawfully by somebody manually adding a session cookie.