Chrome为什么会忽略Set-Cookie标头? [英] Why does Chrome ignore Set-Cookie header?
问题描述
Chrome浏览器忽略Set-Cookie标头的历史由来已久.这些原因中的一些被称为错误并已修复,而其他则是持久性的.它们都不容易在文档中找到.
Chrome has a long history of ignoring Set-Cookie header. Some of these reasons have been termed bugs and fixed, others are persistent. None of them are easy to find in documentation.
- 302重定向中不允许使用Set-Cookie
- 如果主机是本地主机,则不允许使用Set-Cookie
- 如果Expires超出可接受范围,则不允许使用Set-Cookie
我目前正在努力让chrome接受一个简单的会话cookie. Firefox和Safari似乎接受Set-Cookie的几乎所有符合RFC的字符串. Chrome顽固地拒绝承认Set-Cookie指令甚至是根据请求发送的(在开发者工具(网络)中不会显示).卷曲看起来很好.
I am currently struggling with getting chrome to accept a simple session cookie. Firefox and Safari seem to accept most any RFC compliant string for Set-Cookie. Chrome stubbornly refuses to acknowledge that a Set-Cookie directive was even sent on the request (does not show up in Developer Tools (Network)). curl looks fine.
那么,有没有人拥有1)跨浏览器Set-Cookie格式的现代最佳实践,或2)有关导致Chrome浏览器出现问题的更多信息?
So does anyone have either 1) modern best practices for cross-browser Set-Cookie formatting or 2) more information regarding what can cause Chrome to bork here?
谢谢.
推荐答案
一件事咬住了我,但不在列表中:如果您尝试通过localhost上的HTTP设置安全cookie,Chrome会拒绝它因为您没有使用HTTPS.
One thing that has bitten me and is not on your list: if you are trying to set a secure cookie through HTTP on localhost, Chrome will reject it because you are not using HTTPS.
这种方式很有意义,但对本地发展却很烦人. (Firefox在这种情况下显然是一个例外,并允许通过localhost上的HTTP设置安全cookie).
This kind of makes sense, but is annoying for local development. (Firefox apparently makes an exception for this case and allow to set secure cookies over HTTP on localhost).
这篇关于Chrome为什么会忽略Set-Cookie标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
