SetCookie标头未存储 [英] SetCookie header not stored
问题描述
我目前正在制作一个带有node/express.js(用于API)和Vue.js(用于前端)的Web应用程序.
I'm currently making a web app with node/express.js for the API and Vue.js for the front-end.
对于身份验证,我设置了一个JWT并通过cookie(HttpOnly)发送该值. Chrome/Firefox调试器的响应请求中包含"SetCookie",但显然它没有存储在任何地方! 当我尝试发出需要cookie的请求时,请求标头不包含任何cookie.我真的不明白为什么:/. 经过一些研究,我以为是因为我在localhost上工作,所以我将服务器移到了云上,并通过修改hosts文件在前端设置了一个虚假域,但是仍然无法正常工作.
For the authentication, I set a JWT and send the value via a cookie (HttpOnly). The "SetCookie" is in the response request in Chrome/Firefox debugger but apparently it is not stored anywhere ! When I try to make requests which need the cookie, the requests headers don't contain any cookie. I really don't understand why :/. After some researches, I thought it was because I was working on localhost, so I moved my server on the cloud and set a false domain for the front by modifying the hosts file, but it still doesn't work.
此处是响应请求的示例: 响应标头
here an example of response request : Response header
在服务器上设置Cookie:
res.cookie('token', token, {
path: '/',
domain: '.shareinfo.io',
httpOnly: true,
maxAge: 86400000 // 24h
});
如果有人有想法或解决方案,那就太好了!
If someone has an idea or a solution, it would be very nice !
谢谢你,
Alvyre
推荐答案
最终,在我的计算机上有些头撞和在论坛上进行研究之后,我发现了问题.
FINALLY, after some head bangs on my computer and researches on forums, I found the issue.
我忽略了客户请求中的凭据,认为这对于身份验证并不重要,但这是一个巨大的错误.
I ignored credentials on client request, thinking it was not important for authentication, but it was a huge mistake.
实际上,凭据包括cookie,因此,如果您在向服务器/API发出请求时未将凭据设置为"true",则所有返回的cookie都将被忽略.您必须在服务器和客户端上都授权凭据.
In fact credentials include cookies, so if you don't set credentials to 'true' when you make your request to your server/API, all returned cookies will be ignored. you have to authorize credentials both on your server and client.
所以最终的代码是将此选项变量添加到我的POST请求中:(使用 Vue.js )
so the final code was to add this option variable to my POST request : (with Vue.js)
//Request options (CORS)
var options = {
headers: {
},
credentials: true
};
//Make your HTTP request:
this.$http.post(<url>, payload, options).then((response) => {
//success
}, (response) => {
//error
});
这篇关于SetCookie标头未存储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!