How can you use authentication with CORS imagery requests?

I am using an older version of Cesium with an imagery service that requires authentication. Is there a newer version of Cesium that works with authentication?

If not, are there any suggestions on the best approach to implement this?

I imagine loadImage would have to be modified as well as some other functions.

    var loadImage = function(url, allowCrossOrigin) {

authentication with CORS:

You shouldn’t have to modify any code but It really depends on the type of authentication and server you are using. Can you provide some additional details about what you are doing?

The server uses certificate authentication and requires cookies to be passed with each request. By default XMLHttpRequest using CORS do not send cookie information with requests. You have to enable credentials to pass cookies in the header.

Here is an example using XMLHttpRequest from the CORS page provided earlier. By enabling "withCredentials" the request passes the cookies in the header. I think the image object works the same way. The crossorigin attribute must be set to "use-credentials" instead of the default value "anonymous (

//Example XMLHttpRequest with credentials
var invocation = new XMLHttpRequest();
var url = ‘http://bar.other/resources/credentialed-content/’;
function callOtherDomain(){
  if(invocation) {‘GET’, url, true);

invocation.withCredentials = true;

    invocation.onreadystatechange = handler;
//end example

I think loadWithXhr.load needs to be changed but loadImage may need changes as well. Do you agree? I would imagine making the "useCredentials" a property of the ImageryProviders and then passing it down with each tile request. What do you think?

    loadWithXhr.load = function(url, responseType, method, data, headers, deferred, overrideMimeType) {
        var dataUriRegexResult = dataUriRegex.exec(url);
        if (dataUriRegexResult !== null) {
            deferred.resolve(decodeDataUri(dataUriRegexResult, responseType));

        var xhr = new XMLHttpRequest();

        if (defined(overrideMimeType)) {
xhr.withCredentials = true;