拒绝设置不安全的头部“Cookie"浏览器出错但请求成功 [英] Refused to set unsafe header "Cookie" error in browser yet request is successful

问题描述

我正在使用 Angularjs.当我使用 xhr.setRequestHeader() 设置 Cookie 标头时，我在 Chrome 上收到以下错误:

拒绝设置不安全的头部Cookie"

然而，Cookie 包含在请求中并成功发送到服务器.我似乎已经正确配置了所有内容以允许服务器和客户端上的 Cookie 标头:

对于服务器，我有这些:

Header add Access-Control-Allow-Credentials "true"

对于客户，我指定这些:

withCredentials

为什么会出现这个错误?

解决方案

您从 Chrome 中收到该错误，因为根据 XHR 规范，setRequestHeader 方法不应设置带有 禁止的标题名称.

根据规范:

<块引用><块引用>

这些是被禁止的，因此用户代理仍然可以完全控制它们.

相反，对于 Angular 1.x，设置 cookie 使用$cookies，它会包含在后续的 xhr 请求中.

I'm using Angularjs. When I set Cookie header with xhr.setRequestHeader() I get the following error on Chrome:

Refused to set unsafe header "Cookie"

However, the Cookie is included into the request and successfully sent to server. I seem to have configured everything correctly to allow Cookie header on server and client:

for server I have these:

Header add Access-Control-Allow-Credentials "true"

for client I specify these:

withCredentials

Why is this error?

解决方案

You get that error from Chrome because, per the XHR specification, the setRequestHeader method should not set headers with a forbidden header name.

Per the specification:

These are forbidden so the user agent remains in full control over them.

Instead, for Angular 1.x, set the cookie by using $cookies, and it will be included in subsequent xhr requests.

这篇关于拒绝设置不安全的头部“Cookie"浏览器出错但请求成功的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！