MobileSafari 不会发回使用 CORS 设置的 Cookie [英] MobileSafari won't send back Cookies set with CORS

问题描述

我在 MobileSafari 中加载了一个页面，该页面通过 CORS 与另一台服务器通信.

I have a page loading up in MobileSafari which communicated with another server via CORS.

在桌面浏览器(经过测试的 Chrome 和 Safari)中，我能够登录，获取会话 cookie，并将该会话 cookie 发回以供后续请求，以便我可以通过所有 API 调用进行身份验证.

In desktop browsers (tested Chrome and Safari), I am able to log in, get a session cookie, and have that session cookie be sent back for subsequent requests so that I may be authenticated with all API calls.

但是，当我通过 Mobile Safari 登录时，cookie 不会在后续请求中被发回.

However, when I login via Mobile Safari, the cookie does not get sent back on subsequent requests.

我正在使用 Charles Proxy 监视正在发生的事情，它告诉我:

I'm using Charles Proxy to spy on what's going on, and it tells me:

1. POST https://myremoteserver.com/sessions.json 传递我的登录信息
2. 成功并收到带有有效 Set-Cookie 标头的响应.
3. GET https://myremoteserver.com/checkout.json 被请求，没有 Cookie 请求标头.
4. 服务器响应好像我没有登录一样.

1. POST https://myremoteserver.com/sessions.json passes up my login info
2. It succeeds and response is received with a valid Set-Cookie header.
3. GET https://myremoteserver.com/checkout.json is requested, without a Cookie request header.
4. Server responds as if I am not logged in.

我将此代码段与 Zepto.js 一起使用，以确保在 XHR 对象上正确设置了 withCredentials: true.(请原谅咖啡脚本)

I'm using this snippet with Zepto.js to ensure that the withCredentials: true is properly setup on the XHR object. (pardon the coffeescript)

# Add withCredentials:true to the xhr object to send the remote server our cookies.
xhrFactory = $.ajaxSettings.xhr
$.ajaxSettings.xhr = ->
  xhr = xhrFactory.apply(this, arguments)
  xhr.withCredentials = yes
  xhr

该片段在桌面浏览器中运行良好，在我添加它之前，我无法在这些桌面浏览器中保留会话 cookie.

And that snippet works great in desktop browsers, and before I added it I was not able to preserve the session cookies in those desktop browsers.

MobileSafari 中是否有一些怪癖会阻止它像桌面浏览器一样工作?为什么它的工作方式不一样?

Is there some quirk in MobileSafari that prevents this from working like desktop browsers? Why does it not work in the same way?

编辑！

这是我在 rails 2.3 应用程序中设置的 CORS 标头，我相信这是相当标准的东西

here is my CORS headers setup in my rails 2.3 app, fairly standard stuff I believe

def add_cors_headers
  if valid_cors_domain
    headers['Access-Control-Allow-Origin']      = request.headers['HTTP_ORIGIN']
    headers['Access-Control-Expose-Headers']    = 'ETag'
    headers['Access-Control-Allow-Methods']     = 'GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD'
    headers['Access-Control-Allow-Headers']     = '*,x-requested-with,Content-Type,If-Modified-Since,If-None-Match'
    headers['Access-Control-Allow-Credentials'] = 'true'
    headers['Access-Control-Max-Age']           = '86400'
  end
end

今天，Mountain Lion 上的桌面 Safari 也开始不发送 cookie，其行为与 MobileSafari 类似.我不完全确定我昨天的评估是否不准确，或者 Apple 只是在欺骗我......

Also today desktop Safari on Mountain Lion started not to send the cookie, behaving just like MobileSafari. I'm not entirely sure if my assessment yesterday was inaccurate, or perhaps Apple is just trolling me...

在远程 url 上使用 https:// 也会影响这一点吗?

Also could this be affected by using https:// at the remote url?

推荐答案

我不知道这个解决方案是否可行或您是否可以接受，但我在移动 Safari 和 JSONP 应用程序中遇到了同样的问题.似乎 Safari 并未设置为接受第三方 cookie.我去了设置> Safari>接受Cookie并设置始终"，问题就消失了.祝你好运.

I don't know if this solution will work or is acceptable to you but I had the same problem with mobile Safari and a JSONP app. It seemed that Safari was not set to accept third party cookies. I went to Settings > Safari > Accept Cookies and set 'Always' and the problem evaporated. Good luck.

我可以在响应中设置cookie吗来自 jsonp 请求?

这篇关于MobileSafari 不会发回使用 CORS 设置的 Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！