On Safari, cookies are not saved when sent with redirect

Problem description

I have implemented an OAuth2 client, in which the first step is to send a user to the relevant 3rd party (Facebook for this example). I set them a state cookie, and when they return from Facebook I validate that state cookie.

In Chrome, everything is great. When I send the user to the redirect URL, I can see (using inspect element) that they have the state cookie I set. However, when I try on (desktop) Safari on the latest macOS, I don't see that cookie.

I set the cookie in the response for my redirect request:

res.cookie('state', state.toString(), {
  maxAge: 3600000,
  secure: true,
  httpOnly: true,
});
res.redirect(someRedirectUri);

How can I get those cookies to be saved on Safari as well? Am I just setting the cookies wrong?

Recommended answer

I think you've found a known WebKit issue.

So Safari is ignoring the Set-Cookie header when encountering the 302 HTTP status.
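
If the answer's diagnosis holds, one way around it is to deliver the state cookie on a 200 response that then navigates the browser, and to verify the state on the callback. The following is an added example, not code from the question or the answer; the function names, the SameSite=Lax attribute and the meta-refresh hand-off are assumptions of this sketch.

```javascript
// Added example: framework-agnostic helpers; all names here are hypothetical.
const crypto = require('node:crypto');

// Unguessable per-login state value for the OAuth2 authorization request.
function newState() {
  return crypto.randomBytes(32).toString('base64url');
}

// Escape a value before placing it inside an HTML attribute.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Build a 200 response that sets the state cookie and then navigates,
// so the Set-Cookie header is not delivered on a 302.
function buildStateRedirect(redirectUri, state) {
  const url = new URL(redirectUri); // throws on malformed input
  if (url.protocol !== 'https:') throw new Error('redirect must be https');
  // Max-Age=3600 s matches the question's maxAge of 3600000 ms.
  // SameSite=Lax (assumption) still sends the cookie on the top-level GET callback.
  const cookie = `state=${encodeURIComponent(state)}; Max-Age=3600; Path=/; ` +
    'Secure; HttpOnly; SameSite=Lax';
  return {
    status: 200,
    headers: {
      'Set-Cookie': cookie,
      'Content-Type': 'text/html; charset=utf-8',
      'Cache-Control': 'no-store',
    },
    body: `<!doctype html><meta http-equiv="refresh" content="0;url=${escapeAttr(url.href)}">`,
  };
}

// On the callback: compare the cookie's state with the returned query state.
function verifyState(cookieHeader, returnedState) {
  const pair = (cookieHeader || '').split(';').map((p) => p.trim())
    .find((p) => p.startsWith('state='));
  if (!pair || typeof returnedState !== 'string') return false;
  let stored;
  try { stored = decodeURIComponent(pair.slice('state='.length)); } catch { return false; }
  const a = Buffer.from(stored);
  const b = Buffer.from(returnedState);
  // timingSafeEqual throws on length mismatch, so check length first.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

In an Express handler the returned object maps onto res.status(...).set(...).send(...); a missing or mismatched state on the callback should end the login attempt.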