未随Web App manifest.json请求一起发送Cookie [英] Cookies not sent with request for Web App manifest.json

问题描述

我试图在需要身份验证的网站上启用PWA(通过Cookies管理登录令牌).

I am trying to enable PWA on a web site that requires authentication (login tokens managed via Cookies)..

我正在本地尝试此操作( http://localhost:4502 )并登录(并发出了登录Cookie ).

I am trying this out locally (http://localhost:4502) and login (and am issued the login cookie) for the web site.

问题是当请求Web App清单时，没有针对该请求发送任何Cookie，因此该请求未通过身份验证.

The problem is when the Web App manifest is requested, no Cookies are sent on the request, so the request is not authenticated.

<link rel="manifest" href="/content/site-x/manifest.json">

如您所见，清单与包含清单的网页是在相同的主机/方案中提供的.

As you can see the manifest is served off the the same host/scheme as the web page that includes it.

对清单的请求是否传递了cookie?我什至将我的登录cookie设置为尽可能宽松，但没有设置. cookie是在其他所有请求(JS，CSS等)上发送的-本地主机是否有特殊之处?还是不是http?

Do the requests for the the manifest have cookies passed along? I even set my login cookie to be as lax as possible, but nothing. The cookies are sent on all the other requests (JS, CSS, etc.) -- Is there something special about localhost perhaps? Or that its not http?

推荐答案

根据

对清单的请求没有任何凭证(即使它在同一域中)，因此，如果清单需要凭证，则必须在清单标记中包括crossorigin ="use-credentials".

The request for the manifest is made without any credentials (even if it's on the same domain), thus if the manifest requires credentials, you must include crossorigin="use-credentials" in the manifest tag.

因此，为两个跨域添加<link rel="manifest" href="/manifest.json" crossorigin="use-credentials">，就像在清单请求中添加服务器Cookie一样

So adding <link rel="manifest" href="/manifest.json" crossorigin="use-credentials"> for both cross domain as adding server cookies in the request for the manifest

这篇关于未随Web App manifest.json请求一起发送Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！