MobileSafari不会发回设置CORS饼干 [英] MobileSafari won't send back Cookies set with CORS

问题描述

我有一个页面加载在MobileSafari其中通过CORS另一台服务器通信。

I have a page loading up in MobileSafari which communicated with another server via CORS.

在桌面浏览器（测试Chrome和Safari），我能够登录，获得会话cookie，并具有会话cookie被发送回后续请求，这样我可以与所有的API调用验证。

In desktop browsers (tested Chrome and Safari), I am able to log in, get a session cookie, and have that session cookie be sent back for subsequent requests so that I may be authenticated with all API calls.

然而，当我通过移动Safari浏览器登录时，cookie确实的没有的送回到在后续的请求。

However, when I login via Mobile Safari, the cookie does not get sent back on subsequent requests.

我使用查尔斯代理窥探这是怎么回事，和它告诉我：

I'm using Charles Proxy to spy on what's going on, and it tells me:

1. POST https://myremoteserver.com/sessions.json 通过我的登录信息
2. 执行成功响应收到有效设置Cookie 头。
3. GET https://myremoteserver.com/checkout.json 要求，没有饼干请求头。
4. 在服务器响应，如果我没有登录。

1. POST https://myremoteserver.com/sessions.json passes up my login info
2. It succeeds and response is received with a valid Set-Cookie header.
3. GET https://myremoteserver.com/checkout.json is requested, without a Cookie request header.
4. Server responds as if I am not logged in.

我用这个片段与 Zepto.js ，以确保 withCredentials：真正的是正确设置有关XHR对象。 （原谅CoffeeScript的）

I'm using this snippet with Zepto.js to ensure that the withCredentials: true is properly setup on the XHR object. (pardon the coffeescript)

# Add withCredentials:true to the xhr object to send the remote server our cookies.
xhrFactory = $.ajaxSettings.xhr
$.ajaxSettings.xhr = ->
  xhr = xhrFactory.apply(this, arguments)
  xhr.withCredentials = yes
  xhr

这片段在桌面浏览器的伟大工程，在此之前我说这我无法preserve在那些桌面浏览器会话cookie。

And that snippet works great in desktop browsers, and before I added it I was not able to preserve the session cookies in those desktop browsers.

有没有在MobileSafari一些怪癖，起价像桌面浏览器的工作p $ pvents呢？为何不以同样的方式工作？

Is there some quirk in MobileSafari that prevents this from working like desktop browsers? Why does it not work in the same way?

修改！

这是我的CORS头文件的设置在我的Rails 2.3的应用程序，相当标准的东西，我相信

here is my CORS headers setup in my rails 2.3 app, fairly standard stuff I believe

def add_cors_headers
  if valid_cors_domain
    headers['Access-Control-Allow-Origin']      = request.headers['HTTP_ORIGIN']
    headers['Access-Control-Expose-Headers']    = 'ETag'
    headers['Access-Control-Allow-Methods']     = 'GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD'
    headers['Access-Control-Allow-Headers']     = '*,x-requested-with,Content-Type,If-Modified-Since,If-None-Match'
    headers['Access-Control-Allow-Credentials'] = 'true'
    headers['Access-Control-Max-Age']           = '86400'
  end
end

同样在今天桌面上的Safari山狮开始不发送Cookie，行为就像MobileSafari。我不能完全肯定，如果我的判断昨天是不准确的，或许苹果只是曳我...

Also today desktop Safari on Mountain Lion started not to send the cookie, behaving just like MobileSafari. I'm not entirely sure if my assessment yesterday was inaccurate, or perhaps Apple is just trolling me...

也可能这会影响使用的https：// 在远程URL

Also could this be affected by using https:// at the remote url?

推荐答案

打开地址通过一个iFrame设置cookie - 这将设置cookie

Open an address that sets the cookie via an iFrame - this will set the cookie.

这篇关于MobileSafari不会发回设置CORS饼干的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！