There are two domains: client.com and cookies.com. client.com serves the file:
<!DOCTYPE html>
<html>
<head>
<title>Requester</title>
</head>
<body>
<script>
var request = new XMLHttpRequest();
request.withCredentials = true;
request.open("POST", 'http://cookies.com');
request.send();
</script>
</body>
</html>
And cookies.com serves the file
<?php
header('Access-Control-Allow-Origin: http://client.com');
header('Access-Control-Allow-Credentials: true');
$i = 0;
setcookie('A' . $i++, 'B', time() + 24 * 60 * 60, '/', '', false, false);
setcookie('A' . $i++, 'B', time() + 24 * 60 * 60, '/', '.client.com', false, false);
The cookies are set and everybody is happy. But now client.com must be served from client.com:3000, so the cookies.com code becomes
<?php
header('Access-Control-Allow-Origin: http://client.com:3000');
header('Access-Control-Allow-Credentials: true');
$i = 0;
setcookie('A' . $i++, 'B', time() + 24 * 60 * 60, '/', '', false, false);
setcookie('A' . $i++, 'B', time() + 24 * 60 * 60, '/', '.client.com', false, false);
//Just for test, but cookies don't accept ports... don't they?
setcookie('A' . $i++, 'B', time() + 24 * 60 * 60, '/', '.client.com:3000', false, false);
It seems Firefox accepts the domain-specific cookie, but Chrome does not.
Why?
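
As an added example (not part of the original post), the following applies the RFC 6265 Domain attribute rules to the three domain values passed to `setcookie()` in the question. The function names are hypothetical, and public-suffix checks and browser-specific third-party cookie policies are left out.

```javascript
// Added example: RFC 6265 Domain attribute handling (sections 5.1.3, 5.2.3, 5.3).
// Function names are hypothetical. Public-suffix checks and browser-specific
// third-party cookie policies are out of scope.

// Section 5.1.3: does request host `host` domain-match `cookieDomain`?
function domainMatch(host, cookieDomain) {
  if (host === cookieDomain) return true;
  // Suffix matching only applies to host names, never to IP addresses.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Decide what a user agent following RFC 6265 does with one Set-Cookie
// Domain value received in a response from `responseUrl`.
function resolveCookieDomain(responseUrl, domainAttr) {
  // The request host is the host name only; the port is never part of it.
  const host = new URL(responseUrl).hostname.toLowerCase();
  if (domainAttr === "") {
    // No Domain attribute: host-only cookie for the responding host.
    return { stored: true, domain: host, hostOnly: true };
  }
  // Section 5.2.3: drop one leading dot, then lowercase.
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // Section 5.3 step 6: the responding host must domain-match the attribute.
  if (!domainMatch(host, domain)) {
    return { stored: false, domain, hostOnly: false };
  }
  return { stored: true, domain, hostOnly: false };
}

// Constructed inputs: the three domain arguments passed to setcookie() above.
const domains = ["", ".client.com", ".client.com:3000"];

function evaluate(responseUrl) {
  return domains.map((d) => resolveCookieDomain(responseUrl, d));
}

// Response from cookies.com (the cross-origin XHR target in the question).
console.log(evaluate("http://cookies.com/"));
// Same headers, if they were sent by client.com:3000 itself.
console.log(evaluate("http://client.com:3000/"));
```

Under these rules the port never enters the decision: a Domain value containing `:3000` is just a string that no host name can domain-match.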