子域的jquery和cookie的CORS问题

时间:2017-05-25 06:43:55

标签: jquery wordpress cors

我在本地计算机上运行了2个站点。 (通过主机文件配置的名称)。

  • cf2.localhost.net(laravel)
  • cf2wp.localhost.net(wordpress)

当用户登录wordpress时,他们会从.localhost.net获取Cookie,当他们在laravel网站上加载页面时,他们也会收到此Cookie数据。

当我尝试执行jquery ajax请求时,不会发送cookie

使用Chrome工具我已经验证了:

  • 请求http://cf2.localhost.net/home将wordpress cookie发送到服务器
  • 使用

    返回cors预检
    Access-Control-Allow-Credentials:true
    Access-Control-Allow-Headers:Authorization, Content-Type
    Access-Control-Allow-Methods:OPTIONS, GET, POST, PUT, PATCH, DELETE
    Access-Control-Allow-Origin:http://cf2.localhost.net
    Access-Control-Expose-Headers:X-WP-Total, X-WP-TotalPages
    Connection:Keep-Alive
    Content-Length:5166
    Content-Type:application/json; charset=UTF-8
    Date:Thu, 25 May 2017 06:30:36 GMT
    Keep-Alive:timeout=5, max=100
    Link:<http://cf2wp.localhost.net/wp-json/>; rel="https://api.w.org/"
    Server:Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/7.1.1
    Vary:Origin
    X-Content-Type-Options:nosniff
    X-Powered-By:PHP/7.1.1
    X-Robots-Tag:noindex
    
  • 但接下来发出的请求没有设置wordpress cookies。它只有cf2.localhost.net

    中加密的laravel
    Accept:application/json, text/javascript, */*; q=0.01
    Accept-Encoding:gzip, deflate, br
    Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
    Connection:keep-alive
    Content-Length:27
    Content-Type:application/json; charset=UTF-8
    Cookie:jenkins-timestamper-offset=-28800000; olfsk=olfsk19949676680174977; hblid=HFZEjdNeyuKRupkV3m39N0H8REA26ar9; _ga=GA1.1.1566562504.1495496019; io=qjc8cwjKxij4G9ggAAAA
    Host:localhost
    Origin:http://cf2.localhost.net
    Referer:http://cf2.localhost.net/home
    User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
    

知道发生了什么事吗?

1 个答案:

答案 0 :(得分:0)

在跨网站请求中,默认情况下浏览器不会发送凭据。您需要显式设置以下属性:

request.withCredentials = true