我们正在尝试向另一个编码器发送一个示例网页,其中包含对我们的ServiceStack服务进行身份验证的JavaScript,然后运行示例服务。该代码在Chrome中运行时失败,我相信这是因为auth cookie未正确设置(Auth服务正常,但第二个经过身份验证的服务返回401)。看起来Chrome会丢弃“无服务器”网页中的Cookie。我们有办法让这个例子正常运作吗?
Response headers of auth:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Vary: Accept
Server: Microsoft-IIS/10.0
X-Powered-By: ServiceStack/5.02 NET45 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: Content-Type
X-AspNet-Version: 4.0.30319
Set-Cookie: ss-id=P50BQ7hjt9SVLUWBzg3a; path=/; HttpOnly
Set-Cookie: ss-pid=NaswTwDxcaDAj485XuSE; expires=Sun, 14-Feb-2038 13:04:20 GMT; path=/; HttpOnly
Set-Cookie: ss-opt=temp; expires=Sun, 14-Feb-2038 13:04:20 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Wed, 14 Feb 2018 13:04:21 GMT
Content-Length: 267
Request headers of subsequent service (returns an .mp4 file):
GET /svc/VidClip/20171000272/1/245/0/1/H080301.mp4 HTTP/1.1
Host: localhost
Connection: keep-alive
Origin: null
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36
Accept: */*
Accept-Language: en-US,en;q=0.9
Range: bytes=0-
Response Headers (note the ss-pid and ss-id do not match):
HTTP/1.1 401 Unauthorized
Cache-Control: private
Vary: Accept
Server: Microsoft-IIS/10.0
WWW-Authenticate: DV realm="/auth/credentials"
X-Powered-By: ServiceStack/5.02 NET45 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: Content-Type
X-AspNet-Version: 4.0.30319
Set-Cookie: ss-pid=RKC1hyQc1ePk1gF50WOB; expires=Sun, 14-Feb-2038 13:04:21 GMT; path=/; HttpOnly
Set-Cookie: ss-id=zYtKpO6WpuTDx49LNgsW; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Wed, 14 Feb 2018 13:04:21 GMT
Content-Length: 0
示例代码
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Vid Test - localhost</title>
<script src="http://code.jquery.com/jquery-2.2.4.min.js" integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44="
crossorigin="anonymous"></script>
<script>
$(function () {
var basic = new Object();
basic.username = 'xxxxxxx';
basic.password = 'yyyyyyy';
$('button').off('click').on('click', function (_e) {
$.ajax({
type: 'POST',
url: 'http://localhost/svc/auth',
data: JSON.stringify(basic),
dataType: 'json',
accept: 'application/json',
contentType: 'application/json; charset=UTF-8',
}).done(function(_d){
$('video').attr('crossOrigin', 'anonymous');
$('video').attr('src', 'http://localhost/svc/VidClip/20171000272/1/245/0/1/H080301.mp4');
$('video')[0].play();
}).fail(function(_err){
console.log(_err);
});
});
});
</script>
<style>
body {
padding: 20px;
}
</style>
</head>
<body>
<button>Click me!</button>
<div class="video">
<video></video>
</div>
</body>
</html>
答案 0 :(得分:1)
问题是HTTP请求不包含从身份验证请求返回的Cookie。来自本地文件系统的.html页面存在额外的安全限制,之前您可以使用--enable-file-cookies标志打开chrome.exe但since been removed因此需要服务器来自本地的.html文件用于将Cookie包含在ajax请求中的HTTP服务器(例如http://127.0.0.1/test.html)。