$http 请求不会在角度 CORS 中跨域发送 cookie [英] $http request doesn't send cookies cross-domain in angular CORS
问题描述
首先我想说的是,我已经阅读了 Stack 中的所有问题以及与 CORS 相关的所有内容,但实现仍然无法正常工作.我的 APP 建立在 angular crud demo 之上:
First of all I want to tell that I've read all the questions from Stack and everything related to CORS, but the implementation still doesn't work. My APP is built on top of angular crud demo:
所以我在应用配置中有:
So I have in the app config:
$httpProvider.defaults.useXDomain = true;
$httpProvider.defaults.withCredentials = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
我知道它们设置正确(带调试).在我的安全"应用程序中,我正在为当前用户提出请求,跨域:
and I know they are correctly set (with debugging). In my "Security" app I'm doing a request for the current user, cross-domain:
return $http.get(LAYOUT_CONFIG.baseURL + '/current-user').then(function(response) {
//service.currentUser = response.data.user;
service.currentUser = response.data;
return service.currentUser;
});
我在第一次请求时得到这些标头:
I get these headers at the first request:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:accept, origin, content-type, cookie
Access-Control-Allow-Methods:GET,POST
Access-Control-Allow-Origin:http://admin.vibetrace.com
Access-Control-Max-Age:1728000
Connection:keep-alive
Content-Encoding:gzip
Content-Type:text/html; charset=utf-8
Date:Sun, 02 Jun 2013 11:07:49 GMT
P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Server:nginx/1.1.19
Set-Cookie:vibetrace.ssid=s%3A2lT2_N0-EevCJt7LbRlJ6Az1.d8xp99st%2F0RNV0VN2D4o4AJXNRT%2F%2F46v8PDVWSAbx%2Fw; Path=/; Expires=Mon, 30 Sep 2013 11:07:49 GMT
Transfer-Encoding:chunked
Vary:Accept-Encoding
X-Cache:MISS
X-Powered-By:Express
所以 Set-Cookie 就在那里.但是,后续的 $http.get 请求(来自 angular)不会发送应该之前设置的 cookie.
So Set-Cookie is there. However, the subsequent $http.get request (from angular) doesn't send the cookie which should have been previously set.
Accept:application/json, text/plain, */*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:app.vibetrace.com
Origin:http://admin.vibetrace.com
Pragma:no-cache
Referer:http://admin.vibetrace.com/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36
但有趣的部分来了.如果我在控制台中运行以下代码:
but here comes the interesting part. If I run the following code in the console:
$.ajax("https://app.vibetrace.com/current-user", {
type: "GET",
success: function(data, status, xhr) {
},
xhrFields: {
withCredentials: true
},
crossDomain: true
});
请求标头包含 cookie.
the request header contains the cookies.
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Cookie:fbm_245656478789760=base_domain=.vibetrace.com; __utma=199448574.828439508.1336934706.1361539088.1361819816.356; __utmc=199448574; __utmz=199448574.1361819816.356.354.utmcsr=tenlister.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; connect.sid=s%3AZ1o9bIw0jBOmQwuhKJDG1San.%2BfshIsvupiRuK0pUJqm8EAMnMBCyxf%2Fk17cAVzcy31w; __utma=173003172.1796845739.1355503443.1369827921.1369833348.68; __utmc=173003172; __utmz=173003172.1369410587.66.5.utmcsr=stage.marketizator.com|utmccn=(referral)|utmcmd=referral|utmcct=/app/builder/; vibetrace.ssid=s%3AV6biojefu9r5DTGErKL5vYPi.KAlnWMUm8jZmPV0MpP%2FrgqwmkF6WuXEZZDyzJhozYCs
Host:app.vibetrace.com
Origin:http://admin.vibetrace.com
Pragma:no-cache
Referer:http://admin.vibetrace.com/
我错过了什么?
推荐答案
你看到了吗?AngularJS 和位于不同域中的 Jersey Web 服务.无法访问正确的会话
尝试将配置对象传递给指定 withCredentials 的 $http,这应该适用于所有版本.
Try passing a config object to $http that specifies withCredentials, that should work in all versions.
$http({withCredentials: true, ...}).get(...)
这里的讨论:https://github.com/angular/angular.js/pull/1209
这篇关于$http 请求不会在角度 CORS 中跨域发送 cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
