Http请求withCredentials是什么,为什么使用它? [英] Http requests withCredentials what is this and why using it?
问题描述
我在节点和角度的CORS上遇到了问题,并为true添加此选项解决了我的问题. 但是我找不到有关它是什么以及它在做什么的信息. 请有人可以解释吗?
I had a problem with CORS with node and angular and adding this option with true solved my problem. But I don't find info about what it is and what it is doing. Please can someone explain?
推荐答案
简短答案:
withCredentials()使您的浏览器在XHR请求中包含cookie和身份验证标头.如果您的服务依赖于任何cookie(包括会话cookie),则只能使用此选项集.
withCredentials() makes your browser include cookies and authentication headers in your XHR request. If your service depends on any cookie (including session cookies), it will only work with this option set.
更长的解释:
当您向其他原始服务器发出Ajax请求时,浏览器可能会向服务器发送OPTIONS飞行前请求,以发现端点的CORS策略(对于非GET请求).
When you issue an Ajax request to a different origin server, the browser may send an OPTIONS pre-flight request to the server to discover the CORS policy of the endpoint (for non-GET requests).
由于请求可能是由恶意脚本触发的,为避免将身份验证信息自动泄漏到远程服务器,浏览器将应用以下规则:
Since the request may have been triggered by a malicious script, to avoid automatically leaking authentication information to the remote server, the browser applies the following rules :
对于GET请求,在服务器请求中包括cookie和身份验证信息:
For GET requests, include cookie and authentication information in the server request :
- 如果使用
withCredentials选项设置为true的XHR客户端被调用 - 并且如果服务器回复不包含CORS标头Access-Control-Allow-Credentials:true,则在将对象返回Javascript之前丢弃响应
- if XHR client is invoked with the
withCredentialsoption is set to true - and if the server reply does not include the CORS Header Access-Control-Allow-Credentials: true, discard response before returning the object to Javascript
对于非GET请求,仅包含Cookie和身份验证信息:
For non GET requests, include cookie and authentication information only:
- 如果在XHR对象上将
withCredentials设置为true - 并且服务器已包含CORS标头Access-Control-Allow-Credentials:飞行前选项中为true
- if
withCredentialsis set to true on the XHR object - and the server has included the CORS Header Access-Control-Allow-Credentials: true in the pre-flight OPTIONS
这篇关于Http请求withCredentials是什么,为什么使用它?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
