$http request doesn't send cookies cross-domain in angular CORS


Problem description

First of all I want to tell that I've read all the questions from Stack and everything related to CORS, but the implementation still doesn't work. My APP is built on top of angular crud demo:

So I have in the app config:

$httpProvider.defaults.useXDomain = true;
$httpProvider.defaults.withCredentials = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];

and I know they are correctly set (with debugging). In my "Security" app I'm doing a request for the current user, cross-domain:

return $http.get(LAYOUT_CONFIG.baseURL + '/current-user').then(function(response) {
  //service.currentUser = response.data.user;
  service.currentUser = response.data;
  return service.currentUser;
});

I get these headers at the first request:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:accept, origin, content-type, cookie
Access-Control-Allow-Methods:GET,POST
Access-Control-Allow-Origin:http://admin.vibetrace.com
Access-Control-Max-Age:1728000
Connection:keep-alive
Content-Encoding:gzip
Content-Type:text/html; charset=utf-8
Date:Sun, 02 Jun 2013 11:07:49 GMT
P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Server:nginx/1.1.19
Set-Cookie:vibetrace.ssid=s%3A2lT2_N0-EevCJt7LbRlJ6Az1.d8xp99st%2F0RNV0VN2D4o4AJXNRT%2F%2F46v8PDVWSAbx%2Fw; Path=/; Expires=Mon, 30 Sep 2013 11:07:49 GMT
Transfer-Encoding:chunked
Vary:Accept-Encoding
X-Cache:MISS
X-Powered-By:Express

So Set-Cookie is there. However, the subsequent $http.get request (from angular) doesn't send the cookie which should have been previously set.

Accept:application/json, text/plain, */*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:app.vibetrace.com
Origin:http://admin.vibetrace.com
Pragma:no-cache
Referer:http://admin.vibetrace.com/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36

But here comes the interesting part. If I run the following code in the console:

$.ajax("https://app.vibetrace.com/current-user", {
  type: "GET",
  success: function(data, status, xhr) {
  },
  xhrFields: {
    withCredentials: true
  },
  crossDomain: true
});

The request header contains the cookies.

Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Cookie:fbm_245656478789760=base_domain=.vibetrace.com; __utma=199448574.828439508.1336934706.1361539088.1361819816.356; __utmc=199448574; __utmz=199448574.1361819816.356.354.utmcsr=tenlister.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; connect.sid=s%3AZ1o9bIw0jBOmQwuhKJDG1San.%2BfshIsvupiRuK0pUJqm8EAMnMBCyxf%2Fk17cAVzcy31w; __utma=173003172.1796845739.1355503443.1369827921.1369833348.68; __utmc=173003172; __utmz=173003172.1369410587.66.5.utmcsr=stage.marketizator.com|utmccn=(referral)|utmcmd=referral|utmcct=/app/builder/; vibetrace.ssid=s%3AV6biojefu9r5DTGErKL5vYPi.KAlnWMUm8jZmPV0MpP%2FrgqwmkF6WuXEZZDyzJhozYCs
Host:app.vibetrace.com
Origin:http://admin.vibetrace.com
Pragma:no-cache
Referer:http://admin.vibetrace.com/

What am I missing?

Recommended answer

Have you seen this? AngularJS and a Jersey web service located on a different domain. Cannot access the correct session

Try passing a config object to $http that specifies withCredentials, that should work in all versions.

$http.get(..., {withCredentials: true, ...})

Discussion here: https://github.com/angular/angular.js/pull/1209
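
A way to confirm which side of the exchange is at fault, added here as an example (it is not part of the original question or answer, and not AngularJS code): the function below audits a response-header dump against the browser rules for credentialed CORS requests. The helper names `parseHeaderDump` and `auditCredentialedCors` are hypothetical; for the first response quoted in the question it reports no blocking problem, which leaves the per-request `withCredentials` setting as the thing to check.

```javascript
// Added example: audit a raw response-header dump ("Name:value" lines, as quoted
// on this page) against the browser rules for credentialed CORS requests.
// parseHeaderDump and auditCredentialedCors are hypothetical helper names.

function parseHeaderDump(dump) {
  const headers = {};
  for (const line of dump.split('\n')) {
    const idx = line.indexOf(':');
    if (idx <= 0) continue; // skip blank or malformed lines
    const name = line.slice(0, idx).trim().toLowerCase();
    (headers[name] = headers[name] || []).push(line.slice(idx + 1).trim());
  }
  return headers;
}

function auditCredentialedCors(pageOrigin, dump) {
  const h = parseHeaderDump(dump);
  const acao = h['access-control-allow-origin'] || [];
  const acac = h['access-control-allow-credentials'] || [];
  const vary = (h['vary'] || []).join(',').toLowerCase().split(',').map(s => s.trim());
  const blocking = [];
  const advisory = [];

  if (acao.length !== 1) {
    blocking.push('Access-Control-Allow-Origin must appear exactly once');
  } else if (acao[0] === '*') {
    blocking.push('wildcard origin is rejected when credentials are included');
  } else if (acao[0] !== pageOrigin) {
    blocking.push('allowed origin does not match the requesting origin');
  } else if (!vary.includes('origin')) {
    // Only matters if the server echoes a different origin per caller.
    advisory.push('no Vary: Origin; a shared cache could replay this header');
  }
  // Compared case-sensitively: only the literal string "true" enables credentials.
  if (acac.length !== 1 || acac[0] !== 'true') {
    blocking.push('Access-Control-Allow-Credentials must be exactly "true"');
  }
  return { blocking, advisory };
}

// Constructed sample: the CORS-relevant lines of the first response in the question.
const SAMPLE = [
  'Access-Control-Allow-Credentials:true',
  'Access-Control-Allow-Origin:http://admin.vibetrace.com',
  'Vary:Accept-Encoding',
].join('\n');

console.log(auditCredentialedCors('http://admin.vibetrace.com', SAMPLE));
```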
