CORS请求 - 为什么Cookie不会发送? [英] CORS request - why are the cookies not sent?

查看:243
本文介绍了CORS请求 - 为什么Cookie不会发送?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个跨网域AJAX GET,它已成功预先调用,但Cookie并未附加到GET请求。
当用户单击登录按钮时,将进行POST以记录用户,这可以正确跨域工作。 JavaScript是:

I have a cross-domain AJAX GET which gets pre-flighted successfully, but the cookies don't get attached to the GET request. When the user clicks a log in button, a POST is made to log the user in, which works correctly cross domain. The JavaScript is:

        $.ajax(signin_url, {
            type: "POST",
            contentType: "application/json; charset=utf-8",
            data: JSON.stringify(credentials),
            success: function(data, status, xhr) {
                signInSuccess();
            },
            error: function(xhr, status, error) {
                signInFailure();
            },
            beforeSend: function(xhr) {
                xhr.withCredentials = true
            }
        });

响应标题包括一个cookie:

The response headers include a cookie:

Set-Cookie:user_token=snippysnipsnip; path=/; expires=Wed, 14-Jan-2032 16:16:49 GMT

如果登录成功,获取当前用户的详细信息的JavaScript GET请求:

If sign-in succeeds, a JavaScript GET request is made to get the current user's details:

function signInSuccess() {
    $.ajax(current_user_url, {
        type: "GET",
        contentType: "application/json; charset=utf-8",
        success: function(data, status, xhr) {
            displayWelcomeMessage();
        },
        beforeSend: function(xhr) {
            xhr.withCredentials = true;
        }
    });
}

Chrome的OPTIONS请求返回的CORS相关标题为:

The CORS-related headers returned from Chrome's OPTIONS request are:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:http://192.168.0.5
Access-Control-Max-Age:1728000

但是,GET请求中不发送Cookie。 / p>

However, no cookies are sent on the GET request.

推荐答案

问题是与jQuery调用 - 似乎从1.5 withCredentials应该指定为:

The issue was with the jQuery calls - it seems since 1.5 withCredentials should be specified as:

        $.ajax("http://localhost:3000/users/current", {
            type: "GET",
            contentType: "application/json; charset=utf-8",
            success: function(data, status, xhr) {
                hideAllContent();
                $("#sign_out_menu_item").show();
                $("#sign_in_menu_item").hide();
                $("#welcome").text("Welcome " + data["username"] + "!");
                $("#welcome").show();
            },
            xhrFields: {
                withCredentials: true
            },
            crossDomain: true
        });

这篇关于CORS请求 - 为什么Cookie不会发送?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
前端开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆