发出跨域HTTP请求时如何使浏览器包括主机来源域的cookie [英] How to make the Browser include the cookies of the domain of the host origin when making a cross-origin HTTP request

问题描述

我使用Fetch API将凭据从 demo.home.com网站向 demo.company.com提出了跨域HTTP请求，并将凭据设置为 include。有两个cookie。一个是‘cookie_home = 123； Domain = demo.home.com，另一个是 cookie_company = 456； Domain = demo.company.com。结果，请求中包含了Cookie cookie_company。是否有任何方法可以让请求中包含cookie'cookie_home'？

I made a cross-origin HTTP request from the website 'demo.home.com' to 'demo.company.com' using the Fetch api with the credentials set to 'include'. There are two cookies. One is 'cookie_home=123; Domain=demo.home.com', the other is 'cookie_company=456; Domain=demo.company.com'. As a result, the cookie 'cookie_company' was included by the request. Is there any way to let the cookie 'cookie_home' be included by the request?

// the request is made in the website 'http://demo.home.com'
// the cookies are:
// 'cookie_home=123; Domain=demo.home.com'
// 'cookie_company=456; Domain=demo.company.com'
fetch('http://demo.company.com/api/test', {
    method: 'GET',
    credentials: 'include'
});

推荐答案

您不能。 获取（和 XMLHttpRequest ）没有提供在请求中手动设置cookie的机制。

You can't. fetch (and XMLHttpRequest) provide no mechanism to manually set cookies in a request.

他们只会在浏览器的cookie罐中发送目标URL的cookie。这适用于Cookie所属域的正常规则。

They'll only send cookies in the browser's cookie jar for the target URL. This applies the normal rules for which domain a cookie belongs to.

您需要使用其他某种机制来发送要存储在Cookie中的数据。

You need to use some other mechanism to send the data you would store in the cookies.

这篇关于发出跨域HTTP请求时如何使浏览器包括主机来源域的cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！