我正在使用网络的本机POST向自己的服务器发出fetch请求。
当我使用fetch时,响应既不包含服务器添加到响应中的cookie,也不包含AWS ELB为会话粘性而添加的cookie。
使用curl,我可以确认Cookie已添加到响应中(已删除值,并删除了一些不必要的字段):
curl -v -X POST -H "Authorization: token xxx" myserver.com
* Trying <IP>
* TCP_NODELAY set
* Connected to myserver.com (<IP>) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: ...
> POST endpoint HTTP/1.1
> Host: myserver.com
> User-Agent: curl/7.54.0
> Accept: */*
> Authorization: token xxx
>
< HTTP/1.1 201 Created
< access-control-allow-credentials: true
< access-control-allow-headers: Authorization
< access-control-allow-origin: http://localhost:3000
< content-security-policy: frame-ancestors 'self'; report-uri /hub/security/csp-report; default-src 'none'
< content-type: text/plain
< date: Wed, 01 Aug 2018 19:30:18 GMT
< server: TornadoServer/5.1
< set-cookie: my-custom-cookie=c00kie; Path=/
< Set-Cookie: AWSELB=<AWS_COOKIE>;PATH=/
< Content-Length: 177
< Connection: keep-alive
<
* <Response>
但是,当我使用fetch时,响应如下:
fetch(`https://myserver.com/endpoint`, {
method: 'POST',
headers: headers,
credentials: 'include',
})
//
access-control-allow-credentials: true
access-control-allow-headers: Authorization
access-control-allow-origin: http://localhost:3000
Connection: keep-alive
Content-Length: 177
content-security-policy: frame-ancestors 'self'; report-uri
/hub/security/csp-report; default-src 'none'
content-type: text/plain
date: Wed, 01 Aug 2018 19:21:58 GMT
server: TornadoServer/5.1
x-jupyterhub-version: 0.9.1
(值是从Chrome控制台的“网络”标签中获取的,我无法发布图片)
我假设这与CORS有关-fetch请求来自浏览器。但是,我已根据以下要求在credentials: 'include'请求中设置了fetch:https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials
如何配置fetch以允许跨域发送和接收Cookie?
我已阅读potential duplicate,其中介绍了如何在跨域请求的fetch响应中获取Cookie。我在问题代码中重复了可接受的解决方案,但仍然没有在响应中收到Cookie。