MobileSafari won't send back Cookies set with CORS
Problem description
I have a page loading up in MobileSafari which communicated with another server via CORS.
In desktop browsers (tested Chrome and Safari), I am able to log in, get a session cookie, and have that session cookie be sent back for subsequent requests so that I may be authenticated with all API calls.
However, when I login via Mobile Safari, the cookie does not get sent back on subsequent requests.
I'm using Charles Proxy to spy on what's going on, and it tells me:
- POST https://myremoteserver.com/sessions.json passes up my login info. It succeeds and response is received with a valid Set-Cookie header.
- GET https://myremoteserver.com/checkout.json is requested, without a Cookie request header.
- Server responds as if I am not logged in.
I'm using this snippet with Zepto.js to ensure that the withCredentials: true is properly setup on the XHR object. (pardon the coffeescript)
# Add withCredentials:true to the xhr object to send the remote server our cookies.
xhrFactory = $.ajaxSettings.xhr
$.ajaxSettings.xhr = ->
  xhr = xhrFactory.apply(this, arguments)
  xhr.withCredentials = yes
  xhr
And that snippet works great in desktop browsers, and before I added it I was not able to preserve the session cookies in those desktop browsers.
Is there some quirk in MobileSafari that prevents this from working like desktop browsers? Why does it not work in the same way?
Edit!
here is my CORS headers setup in my rails 2.3 app, fairly standard stuff I believe
def add_cors_headers
  if valid_cors_domain
    headers['Access-Control-Allow-Origin'] = request.headers['HTTP_ORIGIN']
    headers['Access-Control-Expose-Headers'] = 'ETag'
    headers['Access-Control-Allow-Methods'] = 'GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD'
    headers['Access-Control-Allow-Headers'] = '*,x-requested-with,Content-Type,If-Modified-Since,If-None-Match'
    headers['Access-Control-Allow-Credentials'] = 'true'
    headers['Access-Control-Max-Age'] = '86400'
  end
end
Also today desktop Safari on Mountain Lion started not to send the cookie, behaving just like MobileSafari. I'm not entirely sure if my assessment yesterday was inaccurate, or perhaps Apple is just trolling me...
Also could this be affected by using https:// at the remote url?
I don't know if this solution will work or is acceptable to you but I had the same problem with mobile Safari and a JSONP app. It seemed that Safari was not set to accept third party cookies. I went to Settings > Safari > Accept Cookies and set 'Always' and the problem evaporated. Good luck.
Can I set cookies in a response from a jsonp request?
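Added example, not part of the original question or answer: a small audit of the server-side half of a credentialed CORS exchange, run over the header values from the Rails snippet above. The function name, the sample origin and the sample object are assumptions made for illustration; the browser's third-party cookie setting described in the answer is a client policy and cannot be seen in these headers.

```javascript
// Added example: audit response headers for a credentialed CORS request
// (XHR with withCredentials = true). All names here are hypothetical.
function auditCredentialedCors(requestOrigin, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim(); // header names are case-insensitive
  }
  const findings = [];
  const allowOrigin = h['access-control-allow-origin'];
  const vary = (h['vary'] || '').toLowerCase().split(',').map(s => s.trim());
  if (allowOrigin === undefined) {
    findings.push('missing Access-Control-Allow-Origin');
  } else if (allowOrigin === '*') {
    findings.push('Allow-Origin "*" is rejected when credentials are sent');
  } else if (allowOrigin !== requestOrigin) {
    findings.push('Allow-Origin does not match the request Origin');
  } else if (!vary.includes('origin')) {
    findings.push('Origin is echoed without "Vary: Origin"; shared caches may mix responses');
  }
  // The value must be the exact, case-sensitive string "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    findings.push('Access-Control-Allow-Credentials must be exactly "true"');
  }
  // On credentialed requests "*" in these lists is a literal name, not a wildcard.
  for (const name of ['access-control-allow-headers', 'access-control-allow-methods', 'access-control-expose-headers']) {
    const tokens = (h[name] || '').split(',').map(s => s.trim());
    if (tokens.includes('*')) findings.push(name + ': "*" is not a wildcard on credentialed requests');
  }
  return findings;
}

// Constructed sample: the values set by add_cors_headers, with a made-up origin.
const sampleOrigin = 'https://app.example';
const sampleHeaders = {
  'Access-Control-Allow-Origin': sampleOrigin,
  'Access-Control-Expose-Headers': 'ETag',
  'Access-Control-Allow-Methods': 'GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD',
  'Access-Control-Allow-Headers': '*,x-requested-with,Content-Type,If-Modified-Since,If-None-Match',
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control-Max-Age': '86400',
};
const sampleFindings = auditCredentialedCors(sampleOrigin, sampleHeaders);
```

An empty result only means the response headers permit the browser to expose the response and attach cookies; whether the cookie from Set-Cookie is stored at all is still decided by the browser's cookie policy.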