Express 不发送跨域 cookie [英] Express not sending cross domain cookies

查看:26
本文介绍了Express 不发送跨域 cookie的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在发送跨域会话 cookie 时遇到问题,搜索后我更加困惑.最初我在 foo.vercel.com 上有一个客户端(下一个应用程序),在 bar.heroku.com 上有一个 api(Express).发送和保存 cookie 在本地主机上正常工作,但在部署后我遇到了 sameSite 默认设置为 lex 的问题.所以我把它改成了none.但我发现 sameSite none 在 cookie 集上需要 secure 标志,所以我也改变了.

I have a problem with sending cross domain session cookie and after searching I got even more confused. Originally I had a client (Next app) on foo.vercel.com and the api (Express) on bar.heroku.com. Sending and saving cookies was working correctly on localhost, but after deployment I got a problem with the sameSite set to lex by default. So I changed it to none. But I found that the sameSite none requires secure flag on the cookie set, so I also changed that.

secure 设置为 true 后,将不再发送 cookie.

After setting secure to true the cookie is no longer being sent.

如果设置了安全,并且您通过 HTTP 访问您的网站,将不会设置 cookie.

If secure is set, and you access your site over HTTP, the cookie will not be set.

我的服务器和客户端都托管在 HTTPS 上.我检查了 heroku 上的日志,请求协议是 HTTPS ......但是,当我从 GraphQL 解析器 console.log 一个 request.protocol 协议是 HTTP:

Both my server and client are hosted on HTTPS. I checked the logs on the heroku and the request protocol is HTTPS... however when I console.log a request.protocol from a GraphQL resolver the protocol is HTTP:

看到这个

没有跨域 cookie 之类的东西.您可以在 foo.example.com 和 bar.example.com 之间共享 cookie,但不能在 example.com 和 example2.com 之间共享

There's no such thing as cross domain cookies. You could share a cookie between foo.example.com and bar.example.com but never between example.com and example2.com

我将客户端移至 baz.heroku.com 但问题仍然存在.

I moved the client to baz.heroku.com but the problem remains.

为了检查一切是否仍然有效,我在 chrome://flags 中禁用了 没有 SameSite 的 Cookie 必须是安全的 并且它可以工作正确.

In order to check if everything still works I disabled the Cookies without SameSite must be secure in chrome://flags and it works correctly.

  1. 是否可以跨域设置 cookie?
  2. 为什么 POST 方法与我在快速服务器中获得的请求具有不同的协议.(我从 express 获取请求并将其通过上下文传递给 GraphQL 解析器)
  3. 当然,我如何将 cookie 发送到不同域上的客户端.

我将不胜感激.

推荐答案

问题出在 Heroku 的代理上.我必须将以下内容添加到快速服务器:

The problem was Heroku's proxy. I had to add the following to the express server:

 app.set("trust proxy", 1);

这篇关于Express 不发送跨域 cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆