XHR2 withCredentials - which cookies are sent?

Problem description

Hopefully this is simple to answer.

With a credentialed request in XHR2, which cookies are sent?

I've been following the MDN article on credentialed requests, and it shows that the cookie pageAccess=2 is sent with the request. However it doesn't explain where that cookie comes from, and why that cookie specifically is being sent. Is it simply that all cookies set by the page are sent in any credentialed request?

Solution

From the HTML5 Rocks page on CORS:

The .withCredentials property will include any cookies from the remote domain in the request, and it will also set any cookies from the remote domain.

I assume "any cookies" means "all cookies" (probably subject to an HTTPS-only flag on the cookie), since there is no mechanism to specify cookies with XHR2.

The cookies that get sent are the cookies that were set by the remote domain: if foo.com sends a credentialed request to bar.com, any cookies set by bar.com are sent. To put this in practical terms, suppose facebook.com has a CORS-aware API that requires you to be logged in to use. I've logged in to Facebook earlier in my browser session, but now I'm browsing foo.com, which is going to use Facebook's API on my behalf. foo.com asks the browser to send a cross-domain request to facebook.com along with all my facebook.com cookies so Facebook knows who I am and that I've already authenticated to Facebook.
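
The selection rule from the answer above, as an added example that is not part of the original post: a simplified model of how a browser picks cookies for a credentialed XHR from foo.com to bar.com. It goes beyond the answer by also modelling the Secure, Path and SameSite attributes and the CORS response check; the cookie jar, the function names and the two-label `site` helper are assumptions made for illustration.

```javascript
// Added example: simplified model of cookie selection for a credentialed XHR.
// Not a full RFC 6265 implementation. The jar is constructed sample data.
const jar = [
  { name: "session", domain: "bar.com", path: "/", secure: true, sameSite: "None" },
  { name: "prefs", domain: "bar.com", path: "/", secure: false, sameSite: "Lax" },
  { name: "admin", domain: "bar.com", path: "/admin", secure: true, sameSite: "None" },
  { name: "foo_pref", domain: "foo.com", path: "/", secure: false, sameSite: "Lax" },
];

// Assumption: the "site" is the last two host labels. True for these sample
// hosts only; real browsers consult the Public Suffix List.
const site = (host) => host.split(".").slice(-2).join(".");

const domainMatches = (host, d) => host === d || host.endsWith("." + d);

function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Cookies are chosen by the request target, never by the page that issued it.
function cookiesSent(pageUrl, targetUrl, withCredentials, cookies) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  // XHR default: cross-origin requests carry no credentials.
  if (page.origin !== target.origin && !withCredentials) return [];
  const crossSite = site(page.hostname) !== site(target.hostname);
  return cookies
    .filter((c) => domainMatches(target.hostname, c.domain))
    .filter((c) => pathMatches(target.pathname, c.path))
    .filter((c) => !c.secure || target.protocol === "https:")
    .filter((c) => !crossSite || c.sameSite === "None")
    .map((c) => c.name);
}

// The browser exposes the response to the page only if the server opted in
// for this exact origin; a wildcard origin is rejected with credentials.
function responseReadable(pageOrigin, headers) {
  return headers["access-control-allow-credentials"] === "true" &&
    headers["access-control-allow-origin"] === pageOrigin;
}

console.log(cookiesSent("https://foo.com/", "https://bar.com/api/me", true, jar));
```

On the server side this means a credentialed endpoint should echo only origins from an allowlist in `Access-Control-Allow-Origin`, since every origin it accepts can act with the visitor's session cookies.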
