I have a site that has forms that use ASP.NET MVC Ajax. Example of the BeginForm method:
    @using (Ajax.BeginForm("handlesignin", "profile", null,
        new AjaxOptions()
        {
            HttpMethod = "post",
            Url = Url.Action("handlesignin", "profile", null, Request.Url.Scheme),
            OnBegin = "setwithcredentialstrue(xhr)",
            InsertionMode = InsertionMode.Replace,
            UpdateTargetId = "signin-form-container"
        },
        new { id = "sign-in-form", @class = "text-left-desktop group" }))
    {
        @Html.AntiForgeryToken()
        @Html.TextBoxFor(x => Model.Email, new { placeholder = "email" })
        @Html.PasswordFor(x => Model.Password, new { placeholder = "password" })
        <input type="submit" value="signin" class="button small-button">
    }
Note that because of the Request.Url.Scheme param in the Url.Action method, the URL is being set to a different domain than the one the browser is getting the page from. This is done because the main site is hosted statically using a CDN, while the form is loaded from a different domain using Ajax. This works, except that cookies are not sent in the Ajax request. I tried to have the cookies sent by setting xhr.withCredentials = true using the OnBegin event, with this JavaScript:
    <script type="text/javascript">
        function setwithcredentialstrue(xhr) {
            console.log("setwithcredentialstrue(xhr)", xhr);
            xhr.withCredentials = true;
        }
    </script>
While I can see that the setwithcredentialstrue() method gets called, it does not seem to work, in that the HTTP request generated when the form is submitted does not have a Cookie header.

All of the server-side handlers are setting the Access-Control-Allow-Credentials response header to true, and Access-Control-Allow-Origin to the main (static) site domain.

Update: with more console logging, I have verified that the xhr parameter passed to the OnBegin event handler (setwithcredentialstrue) is not an XMLHttpRequest object, hence setting withCredentials on it does not have an effect. So the question is: how can I access the XMLHttpRequest object?

I figured it out. The XMLHttpRequest object is not exposed via the ASP.NET MVC library. I was able to alter jquery.unobtrusive-ajax.js, the JS library used by the ASP.NET MVC helper, so that it sets withCredentials to true:
    $(document).on("submit", "form[data-ajax=true]", function (evt) {
        var clickInfo = $(this).data(data_click) || [],
            clickTarget = $(this).data(data_target),
            isCancel = clickTarget && clickTarget.hasClass("cancel");
        evt.preventDefault();
        if (!isCancel && !validate(this)) {
            return;
        }
        asyncRequest(this, {
            url: this.action,
            type: this.method || "GET",
            data: clickInfo.concat($(this).serializeArray()),
            xhrFields: { withCredentials: true }
        });
    });
Note: the xhrFields part was added.
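
An alternative that leaves jquery.unobtrusive-ajax.js unmodified, as an added example that is not part of the original post: a jQuery ajaxPrefilter that sets withCredentials only for requests to an allow-listed origin, rather than for every form[data-ajax=true]. The origin https://forms.example.com and the names API_ORIGINS and needsCredentials are assumptions made for illustration.

```javascript
// Added example (not from the original post). API_ORIGINS is a constructed
// placeholder: list only the origins whose handlers are meant to receive cookies.
var API_ORIGINS = ["https://forms.example.com"];

// Decide whether a request should carry cookies.
// pageUrl is the address of the page making the request; it is used to
// resolve relative URLs and to detect same-origin requests.
function needsCredentials(requestUrl, pageUrl, allowedOrigins) {
    var target;
    try {
        target = new URL(requestUrl, pageUrl);
    } catch (e) {
        return false; // unparsable URL: never attach credentials
    }
    if (target.origin === new URL(pageUrl).origin) {
        return false; // same-origin requests already send cookies
    }
    // Exact origin match (scheme + host + port); no substring or suffix matching.
    return allowedOrigins.indexOf(target.origin) !== -1;
}

// Register with jQuery when it is present (in the browser).
// jquery.unobtrusive-ajax sends its requests through $.ajax, so the
// prefilter sees the requests made by Ajax.BeginForm forms as well.
if (typeof jQuery !== "undefined") {
    jQuery.ajaxPrefilter(function (options) {
        if (needsCredentials(options.url, window.location.href, API_ORIGINS)) {
            options.xhrFields = jQuery.extend({}, options.xhrFields, { withCredentials: true });
        }
    });
}
```

The server side is unchanged: the handlers still have to return Access-Control-Allow-Credentials: true and name the static site's origin in Access-Control-Allow-Origin, since browsers reject a wildcard origin on credentialed requests.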