Exactly what the title suggests:

I perform an ajax request to my server, it responds with a 403 but there are headers I want to retrieve and save on localStorage. This is for a phonegap app (Android and iOS), so the initiating domain isLocal (file://). When performing the call, I use the following code to try to intercept the response, but it returns undefined or an empty string.

Ajax:

    $.ajax({
        url: serverLink+action,
        type: "POST",
        data: "access_token="+accessToken+"&uid="+uid,
        crossDomain: true,
        complete: function(resp){
            var header = resp.getAllResponseHeaders();
            var match = header.match(/(Set-Cookie|set-cookie): (.+?);/);
            if (match) session = match[2];
            console.log(header, session)
        }
    })

Response Headers

Connection  Keep-Alive
Content-Encoding    gzip
Content-Length  1198
Content-Type    text/html
Date    Fri, 13 Apr 2012 22:51:02 GMT
Keep-Alive  timeout=15, max=100
Server  Apache/2.2.14 (Ubuntu)
Set-Cookie  sessionid=ebd26167e32bada2d2ed0bd3cc16d8a2; expires=Fri, 27-Apr-2012 22:51:02 GMT; Max-Age=1209600; Path=/
Vary    Cookie,Accept-Encoding

Further reading led me to here, which speaks of the CSRF on a django server. We are using a django server and either this or the 403 is the problem I suspect. There doesn’t seem to be a way (from the example answer there) to collect the cookie from webview and send it back to the server on subsequent requests.