Cookie在AJAX响应从其他域不尊重 - 是否有解决方法 [英] Cookie in AJAX response from other domain not honored - are there workarounds

问题描述

我在网域上有一个服务器端API api.example.com

I have a server-side API on the domain api.example.com

用户正在访问 www.website.com 其中脚本将XmlHttpRequest设置为 api.example.com ，并使用cookie获取响应。

User is visiting www.website.com where a script makes an XmlHttpRequest to api.example.com and gets a response with a cookie.

HTTP代理程式显示API的回应Cookie。

It appears the API's response cookie is not honored by the HTTP agent.

我知道非跨域泄漏cookie策略，但我认为这里的域将 api.example.com 。似乎我猜错了。

I'm aware of the non-cross-domain-leaking-cookie policy, but I thought the domain here would be api.example.com. Seems I guessed wrong.

有没有其他方法，我的API在 api.example.com 可以记住用户数据从一个站点到另一个？

Is there some other way that my API on api.example.com could remember user data from one site to another? If not, how could services like Criteo and other retargeting sites work, from this point of view?

推荐答案

确保您的API设置正确无误，如果没有，那么Criteo和其他重定向网站等服务是如何工作的？ ：

Make sure your API set:

1. Access-Control-Allow-Credentials > true 在可能的预检回应和定期回应中，


2. 源于实际请求的原始值


3. 和客户端集 XMLHttpRequest.withCredentials 到 true 。

1. Access-Control-Allow-Credentials header to true in possible preflight response and regular response,
2. Access-Control-Allow-Origin header to value of the origin from the actual request,
3. and client sets XMLHttpRequest.withCredentials to true.

这篇关于Cookie在AJAX响应从其他域不尊重 - 是否有解决方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！