Chrome34忽略与域&QUOT饼干; .cloudapp.net" [英] Chrome34 ignores cookies with domain ".cloudapp.net"
问题描述
在很多来自我们的托管在Azure的Web角色开发/测试环境中调试,即突然停止使用Chrome 34的工作,我们意识到,Chrome的忽视有饼干域名.cloudapp设置cookie的响应。网(在Azure中默认的公共领域微软云服务)。我们选择这个名字之所以能够产生,需要从相同的JavaScript应用程序的安全要求不同的云服务之间的CORS请求。这意味着获得从MVC网站验证cookie如 http://example.cloudapp.net 并呼吁安全的WebAPI REST像 http://exampleServices.cloudapp.net 另一个Web角色服务(仅适用于饼干相同的域名)
After a lot of debugging from our dev/test environments hosted as web roles in Azure, that suddenly stopped working with Chrome 34, we realize that Chrome was ignoring the set-cookie response that has cookies with domain name ".cloudapp.net" (the default public Microsoft domain for cloud services in Azure). The reason we choose this name was to be able to generate CORS requests among different cloud services that needed secure requests from the same javascript App. This means getting an authentication cookie from a MVC site like http://example.cloudapp.net and calling secure WebApi REST services in another web role like http://exampleServices.cloudapp.net (only works with cookies with the same domain name)
以下是从生成该认证cookie云服务的认证响应的示例:
The following is an example of the authentication response from the cloud service that generates the authentication cookie:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin:http://example.cloudapp.net
Cache-Control:private
Content-Length:31
Content-Type:application/json; charset=utf-8
Date:Fri, 11 Apr 2014 20:21:20 GMT
Server:Microsoft-IIS/8.0
Set-Cookie:.COOKIENAME=XXXXXXXXXXXXXXXXXXXX; domain=.cloudapp.net; path=/; HttpOnly
我们所面临的问题是,该cookie是Chrome34 discarted这个域名,所以任何其他要求未通过身份验证。
我们可以购买在Azure中的公共领域,并建立我们的云服务,但我想知道是否有任何围绕工作这个问题。
The problem we are facing is that the cookie is discarted in Chrome34 with this domain name, so any other request is not authenticated. We can buy a public domain and setup our cloud services in azure, but I'd like to know if there is any work around to this problem.
推荐答案
这可能是因为喜欢Chrome浏览器,使用公共后缀列表(<一个href=\"https://publicsuffix.org/list/effective_tld_names.dat\">https://publicsuffix.org/list/effective_tld_names.dat)限制某些饼干。如果域名后缀上的cookie设置的公开共享,然后在浏览器可能阻止此类以prevent本身的cookie发送未经授权的数据在同一个域中运行的其它服务器。需要注意的是cloudapp .net域名是那里的公共后缀列表。
This is probably because browsers like Chrome use the Public Suffix List(https://publicsuffix.org/list/effective_tld_names.dat) to restrict certain cookies. If the domain suffix set on the cookie is shared publicly then the browser may block such a cookie in order to prevent itself from sending "unauthorized" data to other servers running on the same domain. Note that cloudapp.net domain is there in the Public Suffix list.
这篇关于Chrome34忽略与域&QUOT饼干; .cloudapp.net&QUOT;的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
