Set-Cookie not working in browser but works with Postman


Problem description

Frontend is on localhost:4200 and backend is on localhost:8080

I have implemented CORS configurations in my backend and frontend and all the other API requests work. However the Set-Cookie flag is not creating a cookie in my browser.

I even disabled CORS in Chrome.

When I make the POST request using Postman I correctly see the Cookie in the Cookie tabs. I don't see the cookie in the web browser.

OPTION request

Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,credentials

OPTION response

X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Access-Control-Allow-Origin: http://localhost:4200
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, credentials
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length: 0
Date: Fri, 30 Jun 2017 14:55:58 GMT

POST request

Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:4200/login
Content-Type: application/json
credentials: true
Content-Length: 48
Origin: http://localhost:4200
Connection: keep-alive

POST response

X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Access-Control-Allow-Origin: http://localhost:4200
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, credentials
Set-Cookie: ddd=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOjJmYXhhcyIsImV4cCI6MTQ5ODkyMDk1OH0.sKJLH1GvgbJP28ws2EOZpc8EH0SElB4VQX86m59G8BjT-QAaRW6sInnrF6Y_yNJcIEcrrw_itb-O26KkKza8aA
Content-Length: 0
Date: Fri, 30 Jun 2017 14:55:58 GMT

Recommended answer

In order to be able to set cookies in this case, you have to allow all OPTIONS requests to pass through the filter, since they don't contain cookies according to this question. More importantly, when requesting cookies from the server, the withCredentials option has to be set to true on both the server and client sides. Never forget to enable CORS requests on the server (you have to define the origin, e.g. localhost:4200; using the wildcard * will not work). Hope this helps whoever is looking for an answer to this question.
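
The checks the answer describes, as an added example that is not part of the original question or answer: a JavaScript function that applies the browser's rules for credentialed cross-origin responses to header sets modelled on the dumps above. The function name, its parameters, the placeholder cookie value and the `withCredentials: false` setting for the failing case are assumptions, since the page does not show the client code.

```javascript
// Added example. Header sets below are constructed from the dumps on this page.
const PAGE_ORIGIN = 'http://localhost:4200';

function lower(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Returns the reasons a browser would drop Set-Cookie on a cross-origin response.
function diagnoseCrossOriginCookie({ pageOrigin, withCredentials, requestHeaders, responseHeaders }) {
  const req = lower(requestHeaders);
  const res = lower(responseHeaders);
  const problems = [];

  // Client: credentials mode is a property of the request object
  // (xhr.withCredentials = true, or fetch's credentials: 'include'), not a header.
  if (!withCredentials) problems.push('client: withCredentials not set, Set-Cookie is ignored');
  if ('credentials' in req) problems.push('client: "credentials" sent as a header has no effect');

  // Server: a credentialed response must echo the exact origin and the literal "true".
  const acao = res['access-control-allow-origin'];
  if (acao === '*') problems.push('server: wildcard origin is rejected for credentialed requests');
  else if (acao !== pageOrigin) problems.push('server: allowed origin does not match page origin');
  if (res['access-control-allow-credentials'] !== 'true') {
    problems.push('server: Access-Control-Allow-Credentials must be exactly "true"');
  }
  return problems;
}

const RESPONSE = {
  'Access-Control-Allow-Origin': PAGE_ORIGIN,
  'access-control-allow-credentials': 'true',
  'Set-Cookie': 'ddd=<token>', // placeholder value
};
// Assumption: the failing client never set withCredentials (client code is not on the page).
const FAILING = {
  pageOrigin: PAGE_ORIGIN, withCredentials: false,
  requestHeaders: { Origin: PAGE_ORIGIN, 'Content-Type': 'application/json', credentials: 'true' },
  responseHeaders: RESPONSE,
};
const FIXED = {
  pageOrigin: PAGE_ORIGIN, withCredentials: true,
  requestHeaders: { Origin: PAGE_ORIGIN, 'Content-Type': 'application/json' },
  responseHeaders: RESPONSE,
};

console.log(diagnoseCrossOriginCookie(FAILING));
console.log(diagnoseCrossOriginCookie(FIXED));
```

Postman is not a browser and does not enforce CORS, which is why it stores the cookie regardless of these conditions.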
