设置Cookie在HTTP头中与AngularJS忽略 [英] Set-Cookie in HTTP header is ignored with AngularJS

问题描述

我上的应用程序基于对客户端和Java AngularJS我在服务器端API（Tomcat的+球衣WS）的工作。

我的API的一些路径受到限制，如果用户没有会话返回的响应状态是401在客户端，401 HTTP状态被截获将用户重定向到登录页面。

一旦用户通过验证后，我创建在服务器端的会话

 HTT prequest.getSession（真）; 

和响应发送到客户端确实有它的头设置cookie的指令：

设置Cookie：JSESSIONID = XXXXXXXXXXXXXXXXXXXXX;域=本地主机;路径= / API /;仅Http

问题是，cookie将被永远不要把在客户端。当我检查了本地主机域cookie它是空的，所以接下来的请求没有在他们的头和客户端这个cookie仍然无法访问我的API的限制路径。

的客户端和服务器在同一个域，但它们不具有相同的路径和相同的端口号：

客户：的http：//本地主机：8000 /应用/ index.html的

服务器：的http：//本地主机：8080 / API /限制/

附加信息：CORS是在两侧启用：

访问控制允许的方法，GET，POST，OPTIONS
访问控制允许来源，*
访问控制允许的凭据，真正

制作中的Set-Cookie的任何想法正常工作？
它是一个AngularJS相关的问题？

解决方案

我发现了一个问题AngularJS ，帮助我前进。

似乎访问控制允许的凭据：真正的没有设置客户端上。
说明 $ httpProvider.defaults.withCredentials = TRUE 被忽略了。

我更换一个简单的$ HTTP调用与$资源调用{withCredentials：真正}在配置参数

但现在我还有一个问题，似乎禁止具有访问控制允许来源，*和
访问控制允许的凭据，真正在同一时间。镀铬扔我一个错误在控制台中：

  

当凭据不能在访问控制允许来源使用通配符
  标志为true。

我卡住了。我不能设置其他产地比通配符，因为AngularJS是在客户端，所以我不知道的起源和我必须设置访问控制允许的凭据才能有饼干。

任何想法，让这两个头在同一时间？

I'm working on an application based on AngularJS on client side and Java for my API (Tomcat + Jersey for WS) on server side.

Some path of my API are restricted, if the user doesn't have a session the response status returned is 401. On the client side, 401 http status are intercepted to redirect the user to the login page.

Once the user is authenticated, I create a session on the server side

httpRequest.getSession(true);

and the response send to the client does have the Set-cookie instruction in its header :

Set-Cookie:JSESSIONID=XXXXXXXXXXXXXXXXXXXXX; Domain=localhost; Path=/api/; HttpOnly

The problem is that the cookie is never put on the client side. When I inspect cookie for localhost domain it's empty, so the next requests don't have this cookie in their header and client side still couldn't access to the restricted path of my API.

The client and the server are on the same domain but they don't have the same path and the same port number :

Client : http://localhost:8000/app/index.html

Server : http://localhost:8080/api/restricted/

Additional info : CORS is enabled on the both side :

"Access-Control-Allow-Methods", "GET, POST, OPTIONS"
"Access-Control-Allow-Origin", "*"
"Access-Control-Allow-Credentials", true

Any idea for making the Set-cookie works properly ? Is it an AngularJS related issue ?

解决方案

I found an issue in AngularJS that help me to move forward.

It seems that "Access-Control-Allow-Credentials" : true was not set on the client side. Instruction $httpProvider.defaults.withCredentials = true was ignored.

I replace $resource call by a simple $http call with {withCredentials:true} in the config parameter.

But now I have another problem, it seems forbidden to have "Access-Control-Allow-Origin", "*" and "Access-Control-Allow-Credentials", true in the same time. Chrome throw me an error in the console :

Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.

I'm stuck. I cannot set another origin than wildcard because AngularJS is on the client side so I don't know the origin and I have to set Access-Control-Allow-Credentials in order to have cookies.

Any ideas to allow both of these headers in the same time ?

这篇关于设置Cookie在HTTP头中与AngularJS忽略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！