拒绝设置不安全的头部“Cookie"浏览器出错但请求成功 [英] Refused to set unsafe header "Cookie" error in browser yet request is successful
问题描述
我正在使用 Angularjs.当我使用 xhr.setRequestHeader()
设置 Cookie
标头时,我在 Chrome 上收到以下错误:
拒绝设置不安全的头部Cookie"
然而,Cookie
包含在请求中并成功发送到服务器.我似乎已经正确配置了所有内容以允许服务器和客户端上的 Cookie
标头:
对于服务器,我有这些:
Header add Access-Control-Allow-Credentials "true"
对于客户,我指定这些:
withCredentials
为什么会出现这个错误?
您从 Chrome 中收到该错误,因为根据 XHR 规范,setRequestHeader
方法不应设置带有 禁止的标题名称.
根据规范:
<块引用><块引用>这些是被禁止的,因此用户代理仍然可以完全控制它们.
相反,对于 Angular 1.x,设置 cookie 使用$cookies
,它会包含在后续的 xhr
请求中.
I'm using Angularjs. When I set Cookie
header with xhr.setRequestHeader()
I get the following error on Chrome:
Refused to set unsafe header "Cookie"
However, the Cookie
is included into the request and successfully sent to server. I seem to have configured everything correctly to allow Cookie
header on server and client:
for server I have these:
Header add Access-Control-Allow-Credentials "true"
for client I specify these:
withCredentials
Why is this error?
You get that error from Chrome because, per the XHR specification, the setRequestHeader
method should not set headers with a forbidden header name.
Per the specification:
These are forbidden so the user agent remains in full control over them.
Instead, for Angular 1.x, set the cookie by using $cookies
, and it will be included in subsequent xhr
requests.
这篇关于拒绝设置不安全的头部“Cookie"浏览器出错但请求成功的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!