未根据OPTIONS请求发送Cookie [英] Cookies not sent on OPTIONS requests

问题描述

对于我正在使用的Angular 1应用程序，使用cookie身份验证.问题是:进行OPTIONS调用时，不发送cookie，并且服务器尝试将用户重定向以再次登录.只是想知道，这是谁的过失"?服务器(Azure API应用程序)还是前端?如果是前端，如何在OPTIONS呼叫中发送cookie?我正在使用augular-resource并将其配置如下:

For an Angular 1 app I am working on, cookie authentication is used. The problem is: when making OPTIONS calls, cookies are not sent and the server tries to redirect user to login again. Just wondering, whose "fault" is it? Server (Azure API Apps) or frontend? If frontend, how do I send cookies on OPTIONS call? I am using augular-resource and have configured it as below:

$httpProvider.defaults.withCredentials = true

推荐答案

规范说:

否则，请进行飞行前请求.使用方法OPTIONS，并使用以下附加约束，并使用手动重定向标志和设置了阻止cookie标志的引荐来源作为覆盖引荐来源，从始发源起源获取请求URL.

Otherwise, make a preflight request. Fetch the request URL from origin source origin using referrer source as override referrer source with the manual redirect flag and the block cookies flag set, using the method OPTIONS, and with the following additional constraints … Exclude user credentials.

以及

在本规范中，术语用户凭据"是指 cookies ，HTTP身份验证和客户端SSL证书，这些证书将根据用户代理与源的先前交互来发送.具体来说，它不涉及代理身份验证或Origin标头.

The term user credentials for the purposes of this specification means cookies, HTTP authentication, and client-side SSL certificates that would be sent based on the user agent's previous interactions with the origin. Specifically it does not refer to proxy authentication or the Origin header.

因此，客户端不应该发送cookie，并且服务器应该能够响应预检请求，而无需先进行身份验证.

So the client should not send cookies, and the server should be able to respond to the preflight request without requiring authentication to take place first.

这篇关于未根据OPTIONS请求发送Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！