Http requests withCredentials what is this and why using it?

Question

I had a problem with CORS with node and angular and adding this option with true solved my problem. But I don't find info about what it is and what it is doing. Please can someone explain?

Recommended answer

Short answer:

withCredentials() makes your browser include cookies and authentication headers in your XHR request. If your service depends on any cookie (including session cookies), it will only work with this option set.

Longer explanation:

When you issue an Ajax request to a different origin server, the browser may send an OPTIONS pre-flight request to the server to discover the CORS policy of the endpoint (for non-GET requests).

Since the request may have been triggered by a malicious script, to avoid automatically leaking authentication information to the remote server, the browser applies the following rules:

For GET requests, include cookie and authentication information in the server request:

  • if XHR client is invoked with the withCredentials option set to true
  • and if the server reply does not include the CORS header Access-Control-Allow-Credentials: true, discard response before returning the object to JavaScript

For non-GET requests, include cookie and authentication information only:

  • if withCredentials is set to true on the XHR object
  • and the server has included the CORS header Access-Control-Allow-Credentials: true in the pre-flight OPTIONS
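
The server side of the exchange described in this answer, as an added example that is not part of the original post. The origin allowlist, the handler and the simplified `browserExposes` model are assumptions made for illustration; the example also shows that with credentials the browser requires the exact origin in Access-Control-Allow-Origin, not `*`.

```javascript
// Added example: server side of a credentialed CORS exchange.
// The origin below is a constructed placeholder, not a real deployment.
const ALLOWED_ORIGINS = new Set(['https://app.example.test']);

// CORS headers for a request carrying the given Origin header.
// Unlisted origins get none, so the browser withholds the response.
function corsHeaders(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    // With credentials the browser rejects "*": echo the exact allowed origin.
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // caches must not reuse this response across origins
  };
}

// Node-style handler: answers the OPTIONS preflight, then the real request.
// Wire it up with: require('http').createServer(handle).listen(3000)
function handle(req, res) {
  const headers = corsHeaders(req.headers.origin);
  if (req.method === 'OPTIONS') {
    if (headers['Access-Control-Allow-Origin']) {
      headers['Access-Control-Allow-Methods'] = 'GET, POST';
      headers['Access-Control-Allow-Headers'] = 'Content-Type';
    }
    res.writeHead(204, headers);
    return res.end();
  }
  res.writeHead(200, { ...headers, 'Content-Type': 'application/json' });
  res.end(JSON.stringify({ cookieSeen: Boolean(req.headers.cookie) }));
}

// Simplified model of the browser's decision to hand the response to the page.
// Client side of the same exchange: xhr.withCredentials = true
function browserExposes(pageOrigin, withCredentials, h) {
  const allow = h['Access-Control-Allow-Origin'];
  if (!withCredentials) return allow === '*' || allow === pageOrigin;
  return allow === pageOrigin && h['Access-Control-Allow-Credentials'] === 'true';
}
```

The handler still receives and processes a credentialed simple GET from an unlisted origin; CORS only stops the page from reading the response, so state-changing endpoints need their own CSRF protection.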
