Set-Cookie被阻止，因为它的Domain属性对于当前主机URL无效 [英] Set-Cookie was blocked because its Domain attribute was invalid with regards to the current host url

问题描述

我有一个部署在Vercel(Zeit)上的域 sambat.io 的React前端，以及使用该域 https://safe-ridge-68566部署到Heroku的Node API.herokuapp.com/和cookie设置如下:

  res.cookie('something'，'ckwdnjwedjbdh3bhbd2hdbhbhbhfbdsf'，{httpOnly:是的，sameSite:无"，域:.sambat.io"，安全:正确}) 

当我访问前端时，我可以在响应中看到 Set-Cookie 标头，但它不会设置cookie，并且存在以下警告:

此Set-Cookie被阻止，因为它的Domain属性对于当前主机URL无效.

我在这里想念什么?

以下是网络请求和响应的详细信息:

  GENERAL要求网址:https://safe-ridge-68566.herokuapp.com/users/twitter请求方法:POST状态码:201已创建 

 响应头访问控制允许凭据:true访问控制允许来源:https://sambat.io连接:保持活动状态内容类型:application/json;字符集= utf-8Set-Cookie:something = hwjdhwjdhwjehdjwdhuhhd3hd3u;域= .sambat.io;路径=/;HttpOnly;安全的;SameSite =无变化:起源 

 请求头接受:application/json，text/plain，*/*连接:保持活动状态内容类型:application/jsonCookie:某物= hwjdhwjdhwjehdjwdhuhhd3hd3u主持人:safe-ridge-68566.herokuapp.com来源:https://sambat.io语用说明:无快取引荐来源:https://sambat.io/秒提取目标:空安全提取模式:cors安全提取网站:跨网站 

解决方案

我认为问题是因为前端和后端没有相同的域，因此可能通过创建子域来尝试使后端位于相同的域./p>

如果您还有其他问题，请告诉我.

编程愉快.

I have a react frontend with domain sambat.io, deployed to Vercel (Zeit) and a Node API deployed to Heroku with this domain https://safe-ridge-68566.herokuapp.com/ and cookie setup like this:

res.cookie('something', 'ckwdnjwedjbdh3bhbd2hdbhbhbhfbdsf', {
    httpOnly: true,
    sameSite: 'none',
    domain: '.sambat.io',
    secure: true
  })

When I access the front-end, I can see the Set-Cookie header on the response but it won't set the cookie and there's this warning:

This Set-Cookie was blocked because its Domain attribute was invalid with regards to the current host url.

What did I miss here?

Here's the detail of the network request and response:

GENERAL

Request URL: https://safe-ridge-68566.herokuapp.com/users/twitter
Request Method: POST
Status Code: 201 Created

RESPONSE HEADERS

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://sambat.io
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Set-Cookie: something=hwjdhwjdhwjehdjwdhuhhd3hd3u; Domain=.sambat.io; Path=/; HttpOnly; Secure; SameSite=None
Vary: Origin

REQUEST HEADERS

Accept: application/json, text/plain, */*
Connection: keep-alive
Content-Type: application/json
Cookie: something=hwjdhwjdhwjehdjwdhuhhd3hd3u
Host: safe-ridge-68566.herokuapp.com
Origin: https://sambat.io
Pragma: no-cache
Referer: https://sambat.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

解决方案

I think the issue is because the front end and backend do not have the same domain try to have the backend on the same domain by probably creating a subdomain.

If you face any further issues please do let me know.

Happy programming.

这篇关于Set-Cookie被阻止，因为它的Domain属性对于当前主机URL无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！