设置withcredential = true后未在请求标头中设置Cookie [英] Cookie not set in request header after set withcredential = true

问题描述

我在登录后调用api，并在登录响应标头中设置了set-cookie，并在浏览器中设置了cookie。但是当我尝试发出其他请求时，请求标头中没有cookie传递。我已经尝试添加withcredential = true，并且还允许带有所有必需标头的CORS。在浏览器中在登录响应中设置的
cookie

  .AspNetCore.Identity.Application 
将于2018-07-过期27T14：26：34.000Z 
仅Http真
路径/ 
安全真正
值CfDJ8IpQ2KMnnJJCu-Bxqp-xHNOQGuT6Ig74z_z6fhAba0WGCMyq7er9Zo87dX36mvr3vHm827XQFM_8cNQiv811mitpYZ4rRVRp4iV3RfpDkqGL-4UizEGUkJfSxxkFzIbVEEJNwIJXf5iFFlbC7Fw8zKDn7DYJN70iniH4HE-bzqJ4KXSsKnCyqePsYyi6iJ0_Rkk_TiE-TXggnFqrU_8n5XPcYaRVeinAeHRZ2xmJbcVrOwFAV1-D8zwgpnJxs2WaLsM9h5IoqdV1wOwyT-Awoy0QqAtTiUPs5h5Gh52HubsBcWLPKE_FbzfmK_1HsDGH1e1PIHYJaIgLx-q0trTSGK-22wvOnqMipax94zoO6mfF2Pbrz7NM-eJBBCTkSoNYXVIj8EpRPJXhk8uLKC9rqon2hA4qHpnrUWWdz1LT7FYzHjnhAx3hctXr2laQgc3ipT410zI15tl5XIIjEbqr9D5E6o -4MkcSCLsHCLkaurSmoQWF2VRQ8OuVHFz6Z7XTu7myAsCFWf3INcV-WBtJY6l9Luk2D7uenofPGFZ8D4fDL0oaPqvAKve6N8r2Q_eDXEVf- 
 $$$$$$  来自浏览器控制台的请求标头
接受application / json，text / plain，* / * 
 Accept-Encoding gzip，deflate，br 
接受语言en-US，en; q = 0.5 
访问控制权限凭据true 
连接保持活动
内容长度27 
内容类型application / x -www-form-urlencoded 
主机localhost：44354 
来源http：// localhost：4200 
推荐人http：// localhost：4200 / changepassword 
 User-Agent Mozilla / 5.0 （Windows NT 10.0; …）Gecko / 20100101 Firefox / 61.0 
 withCredentials true 
  

我的代码：-

  changePassword（changePasswordModel：ChangePassword）：可观察< ApiResponse> {
 const body = JSON.stringify（changePasswordModel）
 
 let enco：any = new HttpHeaders（）
 .set（'Content-Type'，'application / x-www -form-urlencoded'）
 .set（'withCredentials'，'true'）
 .set（'Access-Control-Allow-Credentials'，'true'）; 
 
返回this._httpClient.post（this.identityAPIEndPoint +'Account / ChangePassword'，body，{headers：enco，withCredentials：true}）。pipe（
 map（（response：Response ）=>< ApiResponse> response.json（）））; 
} 
  

我将Angular 5与HttpClient用于发布请求。
是我的使命吗？
请给我提示。

谢谢

解决方案

我认为您的问题出在Cookie的作用域上。有关更多信息，请参见 cookie范围部分此处。

因此，您应该为所有页面设置相同的路径因此该cookie在所有页面上都可用。例如，您可以将路径设置为 / 或应用程序的基本路径。

Access-Control-Allow-Credentials 是响应标头，因此应在响应中提供，而不是在请求中提供：请参见< a href = https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials rel = nofollow noreferrer>此处。

withCredentials 选项根本不是HTTP标头，而是一个选项，应在<$ c $中传递c>选项对象：请参见此链接。

此外，请阅读 有关更多有关CORS的信息。

I am call api after login and in login response header set-cookie is pass and cookie set in browser. but when i am try to make other request there is no cookie pass in request header. i have try to add withcredential = true and also allow CORS with all required headers. cookie set in browser in login response

.AspNetCore.Identity.Application    
expires 2018-07-27T14:26:34.000Z
httpOnly    true
path    /
secure  true
value   CfDJ8IpQ2KMnnJJCu-Bxqp-xHNOQGuT6Ig74z_z6fhAba0WGCMyq7er9Zo87dX36mvr3vHm827XQFM_8cNQiv811mitpYZ4rRVRp4iV3RfpDkqGL-4UizEGUkJfSxxkFzIbVEEJNwIJXf5iFFlbC7Fw8zKDn7DYJN70iniH4HE-bzqJ4KXSsKnCyqePsYyi6iJ0_Rkk_TiE-TXggnFqrU_8n5XPcYaRVeinAeHRZ2xmJbcVrOwFAV1-D8zwgpnJxs2WaLsM9h5IoqdV1wOwyT-Awoy0QqAtTiUPs5h5Gh52HubsBcWLPKE_FbzfmK_1HsDGH1e1PIHYJaIgLx-q0trTSGK-22wvOnqMipax94zoO6mfF2Pbrz7NM-eJBBCTkSoNYXVIj8EpRPJXhk8uLKC9rqon2hA4qHpnrUWWdz1LT7FYzHjnhAx3hctXr2laQgc3ipT410zI15tl5XIIjEbqr9D5E6o-4MkcSCLsHCLkaurSmoQWF2VRQ8OuVHFz6Z7XTu7myAsCFWf3INcV-WBtJY6l9Luk2D7uenofPGFZ8D4fDL0oaPqvAKve6N8r2Q_eDXEVf-

see my code

Request header from browser console
Accept  application/json, text/plain, */*
Accept-Encoding gzip, deflate, br
Accept-Language en-US,en;q=0.5
Access-Control-Allow-Credentials    true
Connection  keep-alive
Content-Length  27
Content-Type    application/x-www-form-urlencoded
Host    localhost:44354
Origin  http://localhost:4200
Referer http://localhost:4200/changepassword
User-Agent  Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/61.0
withCredentials true

my code:-

changePassword(changePasswordModel: ChangePassword): Observable<ApiResponse> {
    const body = JSON.stringify(changePasswordModel)

     let enco : any = new HttpHeaders()
        .set('Content-Type', 'application/x-www-form-urlencoded')
        .set('withCredentials', 'true')
        .set('Access-Control-Allow-Credentials', 'true');

    return this._httpClient.post(this.identityAPIEndPoint + 'Account/ChangePassword', body, { headers: enco, withCredentials: true}).pipe(
      map((response: Response) => <ApiResponse>response.json()));
  }

i am using angular 5 with HttpClient For Post Request. Is i am mission something. Please give me hint.

Thank you,

解决方案

I think that your problem here is the scope of your cookie. For more see the Scope of cookies section here.

So you should set the same path for all your pages so the cookie will be available from all pages. For example, you can set the path to be / or the base path of your application.

Access-Control-Allow-Credentials is a response header so it should be provided in the response and not in the request: see here.

And the withCredentials option isn't an HTTP header at all it's an option which should be passed in the options object: see this link.

Also, read this article for more about CORS.

这篇关于设置withcredential = true后未在请求标头中设置Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！