快递不发送跨域Cookie [英] Express not sending cross domain cookies

问题描述

我在发送跨域会话cookie时遇到问题，搜索后我更加困惑.最初，我在 foo.vercel.com 上有一个客户端(下一个应用程序)，在 bar.heroku.com 上有一个api(Express).发送和保存Cookie可以在localhost上正常工作，但是在部署后，默认设置为 lex 的 sameSite 出现了问题.所以我将其更改为 none .但是我发现 sameSite none 在cookie集上需要 secure 标志，因此我也对此进行了更改.

I have a problem with sending cross domain session cookie and after searching I got even more confused. Originally I had a client (Next app) on foo.vercel.com and the api (Express) on bar.heroku.com. Sending and saving cookies was working correctly on localhost, but after deployment I got a problem with the sameSite set to lex by default. So I changed it to none. But I found that the sameSite none requires secure flag on the cookie set, so I also changed that.

将安全设置为 true 后，将不再发送cookie.

After setting secure to true the cookie is no longer being sent.

如果设置了安全性，并且您通过HTTP访问您的网站，则 该cookie不会设置 .

我的服务器和客户端都托管在HTTPS上.我检查了heroku上的日志，并且请求协议为HTTPS....但是，当我从GraphQL解析器中控制台记录 request.protocol 时，协议为HTTP:

Both my server and client are hosted on HTTPS. I checked the logs on the heroku and the request protocol is HTTPS... however when I console.log a request.protocol from a GraphQL resolver the protocol is HTTP:

看到此

没有跨域Cookie之类的东西.您可以在foo.example.com和bar.example.com之间共享Cookie，但不能在example.com和example2.com之间共享Cookie

There's no such thing as cross domain cookies. You could share a cookie between foo.example.com and bar.example.com but never between example.com and example2.com

我将客户端移至 baz.heroku.com ，但问题仍然存在.

I moved the client to baz.heroku.com but the problem remains.

为了检查一切是否仍然有效，我在 chrome://flags 中禁用了 没有SameSite的cookie ，它可以正常工作正确.

In order to check if everything still works I disabled the Cookies without SameSite must be secure in chrome://flags and it works correctly.

1. 甚至可以设置cookie跨域吗?
2. 为什么POST方法的协议与我在快递服务器中收到的请求的协议不同.(我从express获得请求，并将其通过上下文传递给GraphQL解析器)
3. 当然，我该如何将Cookie发送到不同域上的客户端.

我将不胜感激.

推荐答案

问题是Heroku的代理.我必须将以下内容添加到快递服务器中:

The problem was Heroku's proxy. I had to add the following to the express server:

 app.set("trust proxy", 1);

这篇关于快递不发送跨域Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！