Set-Cookie标头无效 [英] Set-Cookie header has no effect
问题描述
我正在尝试为 localhost:3000上托管的网络应用中的。 localhost:4000 上运行的API设置Cookie
似乎我在浏览器中收到了正确的响应标题,但不幸的是它们没有效果。这些是响应头:
HTTP / 1.1 200 OK
Access-Control-Allow-Origin:http:// localhost :3000
变化:原点,接受编码
Set-Cookie:token = 0d522ba17e130d6d19eb9c25b7ac58387b798639f81ffe75bd449afbc3cc715d6b038e426adeac3316f0511dc7fae3f7;最大年龄= 86400;域本地主机=:4000;路径= /; Expires =星期二,2017年9月19日21:11:36 GMT; HttpOnly
Content-Type:application / json; charset = utf-8
内容长度:180
ETag:W /b4-VNrmF4xNeHGeLrGehNZTQNwAaUQ
日期:星期一,18九月2017 21:11:36 GMT
连接:保持活力
此外,我可以看到响应Cookie 下的cookie使用Chrome开发人员工具的网络标签检查流量。但是,我无法在存储/ Cookies 下的应用程序选项卡中看到cookie。我没有看到任何CORS错误,所以我认为我错过了其他的东西。
有什么建议吗?
< h3>更新我:
我正在使用
这个故事的道德是避免将CORS与cookie结合使用。您可以使用代理实现此目的。
如果你出于某种原因不能避免它。解决方案是:
因此,如果域包含端口,Chrome将不会设置cookie。为 localhost 设置它不是问题。非常感谢 Erwin 提供此技巧!
除此之外我实现了使用 Access-Control-Allow-Credentials 标头设置cookie,其值为 true 。使用axios模块我必须将 withCredentials 标志设置为 true 。
I am attempting to set a cookie for an API that is running on localhost:4000 in a web app that is hosted on localhost:3000.
It seems I'm receiving the right response headers in the browser, but unforturnately they have no effect. These are the response headers:
HTTP/1.1 200 OK Access-Control-Allow-Origin: http://localhost:3000 Vary: Origin, Accept-Encoding Set-Cookie: token=0d522ba17e130d6d19eb9c25b7ac58387b798639f81ffe75bd449afbc3cc715d6b038e426adeac3316f0511dc7fae3f7; Max-Age=86400; Domain=localhost:4000; Path=/; Expires=Tue, 19 Sep 2017 21:11:36 GMT; HttpOnly Content-Type: application/json; charset=utf-8 Content-Length: 180 ETag: W/"b4-VNrmF4xNeHGeLrGehNZTQNwAaUQ" Date: Mon, 18 Sep 2017 21:11:36 GMT Connection: keep-alive
Futhermore, I can see the cookie under Response Cookies when I inspect the traffic using the Network tab of Chrome's developer tools. Yet, I can't see a cookie being set in in the Application tab under Storage/Cookies. I don't see any CORS errors, so I assume I'm missing something else.
Any suggestions?
Update I:
I'm using the request module in a React-Redux app to issue a request to a /signin endpoint on the server. For the server I use express.
Express server:
res.cookie('token', 'xxx-xxx-xxx', { maxAge: 86400000, httpOnly: true, domain: 'localhost:3000' })
Request in browser:
request.post({ uri: '/signin', json: { userName: 'userOne', password: '123456'}}, (err, response, body) => {
// doing stuff
})
Update II:
I am setting request and response headers now like crazy now, making sure that they are present in both the request and the response. Below is a screenshot. Notice the headers Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Methods and Access-Control-Allow-Origin. Looking at the issue I found at Axios's github, I'm under the impression that all required headers are now set. Yet, there's still no luck...
Moral of this story is avoid having to use CORS in combination with cookies. You can acheive this with a proxy.
If you for whatever reason don't avoid it. The solution is this:
So it turned out that Chrome won't set the cookie if the domain contains a port. Setting it for localhost is not a problem. Many thanks to Erwin for this tip!
Besides that, I acheived setting a cookie using the Access-Control-Allow-Credentials header with value true. Using the axios module I had to set withCredentials flag to true also.
这篇关于Set-Cookie标头无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
