从不同的域读取cookie [英] Reading a cookie from a different domain
问题描述
我正在为公司内部的广告系列开发一个页面/表单。但是,第一步是检查此人是否已登录。这可以通过cookie(CUSTOMER)轻松检查,该Cookie在登录后设置。
I'm developing a page/form for a campaign inside my company. However, the first step is to check if the person is logged in. This is easily checked against a cookie - CUSTOMER - that is set once they're logged in.
但是:
1)我在本地开发,而不是在同一个域上,因此无法看到cookie
2)最终的广告系列可能会或可能不会最终停留在实际域。他们可能最终使用虚荣URL或其他东西。
However: 1) I'm developing locally, not on the same domain, and, as a result can't see that cookie 2) The final campaign may or may not end up residing on the actual domain. They may end up using a vanity URL or something.
出于此目的,我们假设我无法访问设置cookie的主域。
For purposes of this, let's assume I do NOT have access to the main domain where the cookie was set.
如何从域外读取该cookie?哦,既然IT人员不让我们触及后端抱怨,它必须是一个JS解决方案。
How can I read that cookie from off the domain? Oh, and since IT folks don't let us touch the back-end grumble, it has to be a JS solution.
谢谢!
推荐答案
你不能。
你能做的唯一的饼干使用客户端读取JavaScript是属于HTML文档主机的那些,其中嵌入了< script> 。
The only cookies you can read with client side JavaScript are those belonging to the host of the HTML document in which the <script> is embedded.
通过设置 withCredentials 您可以在跨源请求中支持cookie,但它们由浏览器透明处理,JS无法直接访问它们(XHR规范远远超出明确禁止 getAllResponseHeaders 从阅读cookie相关标题) 。跨域请求访问cookie的唯一方法是服务器(您说您无权访问)将数据复制到正文或不同的响应头中。
By setting withCredentials you can support cookies in cross-origin requests, but they are handled transparently by the browser and JS has no direct access to them (the XHR spec goes to far as to explicitly ban getAllResponseHeaders from reading cookie related headers). The only way for a cross-origin request to get access to cookies is for the server (which you say you don't have access to) to copy the data into the body or a different response header).
这篇关于从不同的域读取cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
