前端位于localhost:4200,后端位于localhost:8080
我在后端和前端实现了CORS配置,所有其他API请求都可以正常工作。但是,Set-Cookie标志不会在我的浏览器中创建cookie。
当我使用Postman发出POST请求时,我正确地在Cookie标签中看到了Cookie。我没有在网络浏览器中看到cookie。
选项请求
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,credentials
OPTION响应
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Access-Control-Allow-Origin: http://localhost:4200
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, credentials
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length: 0
Date: Fri, 30 Jun 2017 14:55:58 GMT
POST请求
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:4200/login
Content-Type: application/json
credentials: true
Content-Length: 48
Origin: http://localhost:4200
Connection: keep-alive
POST回复
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Access-Control-Allow-Origin: http://localhost:4200
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, credentials
Set-Cookie: ddd=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOjJmYXhhcyIsImV4cCI6MTQ5ODkyMDk1OH0.sKJLH1GvgbJP28ws2EOZpc8EH0SElB4VQX86m59G8BjT-QAaRW6sInnrF6Y_yNJcIEcrrw_itb-O26KkKza8aA
Content-Length: 0
Date: Fri, 30 Jun 2017 14:55:58 GMT
答案 0 :(得分:1)
为了能够在这种情况下设置cookie,您必须允许所有OPTIONS个请求从过滤器传递,因为它们不包含根据this question的cookie,更重要的是在从服务器withCredentials选项必须在服务器端和客户端都设置为true。永远不要忘记在服务器上启用CORS请求(您必须定义原点,例如localhost:4200,使用通配符*将无效)希望这有助于寻找这个问题的答案。
答案 1 :(得分:0)
对我有用的是 MrMisery 的回答,但我也添加了所有可用的方法(使用 Spring Boot):
\E当然在我的登录端点上我设置了 cookie:
#
RewriteMap maplower int:tolower
#
最后在我的 React 客户端的 Axios 中使用 withCredentials,如下所示:
/etc/init.d/apache2 restart
我无法在响应标头上看到 cookie,但是一旦我检查(使用 Chrome)开发工具 > 应用程序 > 存储部分 - Cookies 并单击 http://localhost:3000 就在那里!!!< /p>