未为 Angular2 发布请求设置响应中的设置 cookie [英] Set-cookie in response not set for Angular2 post request

问题描述

当我在 Angular2 中发出放置请求时，我在响应中收到了预期的 set-cookie.但是我的浏览器(Chrome 和 Firefox 都试过了)拒绝设置 cookie.

相反，当我使用 Angular 1 应用调用相同 API 端点时，cookie 设置正确.

响应头是:

Access-Control-Allow-Credentials:true访问控制允许来源:http://example.com允许:获取、放置、头部、选项内容类型:应用程序/json日期:2016 年 1 月 28 日星期四 14:41:38 GMTP3P:policyref="http://www.example.com/p3p.xml", CP="非 DSP COR CURa TIA"服务器:WSGIServer/0.1 Python/2.7.6Set-Cookie:sessionid=994wl49qfsizog5bqmt57sgx9q2toa25;到期=格林威治标准时间 2016 年 3 月 28 日星期一 14:41:37；最大年龄=5183999；路径=/设置-Cookie:csrf=u7UQhpAphTsGYKRU6jFlLFt6NoYAhNMS;域=api.example.com;到期=周四，2017 年 1 月 26 日 14:41:38 GMT；最大年龄=31449600；路径=/变化:接受，饼干

后端是在 Django 1.8 中编程的.

有没有人遇到过同样的事情或对如何解决这个问题有建议?

解决方案

我好像是一个 CORS 相关的问题.也许您可以尝试在执行 HTTP 请求时设置 withCredentials 属性.

这个答案可以帮助您了解如何做到这一点，尤其是 Cedric Exbrayat 的答案:>

• angular2 xhrfields withcredentials true

编辑

你可以扩展BrowserXhr:

@Injectable()导出类 CustomBrowserXhr 扩展 BrowserXhr {构造函数(){}构建():任何{让 xhr = super.build();xhr.withCredentials = true;返回 <any>(xhr);}}

并使用扩展覆盖 BrowserXhr 提供程序:

bootstrap(AppComponent, [HTTP_PROVIDERS,提供(BrowserXhr，{ useClass: CustomBrowserXhr })]);

如果您需要有关 CORS 的更多提示，可以查看此链接:http://restlet.com/blog/2015/12/15/understanding-and-using-cors/.

希望对你有帮助蒂埃里

When I make a put request in Angular2, I receive the expected set-cookie in the response. However my browser (tried both Chrome and Firefox) refuses to set the cookie.

Instead when I use an Angular 1 app making a call to the same API endpoint, the cookies are set correctly.

The response headers are:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://example.com
Allow:GET, PUT, HEAD, OPTIONS
Content-Type:application/json
Date:Thu, 28 Jan 2016 14:41:38 GMT
P3P:policyref="http://www.example.com/p3p.xml", CP="NON DSP COR CURa TIA"
Server:WSGIServer/0.1 Python/2.7.6
Set-Cookie:sessionid=994wl49qfsizog5bqmt57sgx9q2toa25; expires=Mon, 28-Mar-2016 14:41:37 GMT; Max-Age=5183999; Path=/
Set-Cookie:csrf=u7UQhpAphTsGYKRU6jFlLFt6NoYAhNMS; Domain=api.example.com; expires=Thu, 26-Jan-2017 14:41:38 GMT; Max-Age=31449600; Path=/
Vary:Accept, Cookie

The backend is programmed in Django 1.8.

Does anyone experienced the same thing or have a suggestion how to solve this problem?

解决方案

I seems to be a CORS-related issue. Perhaps you could try to set the withCredentials attribute when executing the HTTP request.

This answer could help you to find out how to do that, especially the Cedric Exbrayat's answer:

• angular2 xhrfields withcredentials true

Edit

You could extend the BrowserXhr:

@Injectable()
export class CustomBrowserXhr extends BrowserXhr {
  constructor() {}
  build(): any {
    let xhr = super.build();
    xhr.withCredentials = true;
    return <any>(xhr);
  }
}

and override the BrowserXhr provider with the extended:

bootstrap(AppComponent, [
  HTTP_PROVIDERS,
  provide(BrowserXhr, { useClass: CustomBrowserXhr })
]);

If you need more hints about CORS, you could have a look at this link: http://restlet.com/blog/2015/12/15/understanding-and-using-cors/.

Hope it helps you, Thierry

这篇关于未为 Angular2 发布请求设置响应中的设置 cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！