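I have a problem with the cookies sent by my API server. I am using a React app as the frontend and a PHP backend server, and they are on different domains. The flow is as follows: the user logs in and the frontend sends an XMLHttpRequest with "withCredentials" set to the backend server, and the backend server then responds with this: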
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 May 2018 02:37:01 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Headers: Content-Type, X-CSRF-TOKEN
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://frontend.com
Message: Successfully logged in.
Set-Cookie: cookie-token1=; HttpOnly; Path=/; Domain=frontend.com
Set-Cookie: cookie-token2; Path=/; Domain=frontend.com
Content-Encoding: gzip
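Although the backend responds with the cookies, the cookies are not stored in the browser. I added the Allow-Credentials and Allow-Origin headers to the server response so that the browser would accept the cookies, but the cookies are still not stored. Does anyone know what the problem might be?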
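
An added example, not part of the original post: a small check of the two Set-Cookie headers above against the RFC 6265 domain-match rule, under which a browser ignores a cookie whose Domain attribute does not match the host that sent the response. The backend host name `backend.com` is an assumption (the post only says the domains differ), and the function names are hypothetical.

```javascript
// RFC 6265 section 5.1.3 domain-match: the host equals the cookie domain,
// or is a subdomain of it (and is not an IP address).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Extract the Domain attribute from one Set-Cookie header value, or null.
function cookieDomainAttr(setCookie) {
  for (const part of setCookie.split(";").slice(1)) {
    const [k, ...v] = part.trim().split("=");
    if (k.toLowerCase() === "domain") return v.join("=").trim() || null;
  }
  return null;
}

// For each Set-Cookie value, report whether its Domain attribute passes the
// domain-match rule for the responding host. Only this rule is checked here;
// Path, Secure, SameSite and name/value syntax are out of scope.
function checkSetCookies(requestHost, setCookieValues) {
  return setCookieValues.map((sc) => {
    const name = sc.split(";")[0].split("=")[0].trim();
    const domain = cookieDomainAttr(sc);
    if (domain === null) {
      return { name, domain: requestHost, domainOk: true, reason: "host-only cookie" };
    }
    const ok = domainMatches(requestHost, domain);
    const reason = ok
      ? "Domain matches the responding host"
      : "Domain does not match the responding host; cookie is ignored";
    return { name, domain, domainOk: ok, reason };
  });
}

// Set-Cookie values copied from the response in the post.
const fromPost = [
  "cookie-token1=; HttpOnly; Path=/; Domain=frontend.com",
  "cookie-token2; Path=/; Domain=frontend.com",
];
// "backend.com" is an assumed name for the PHP backend's host.
const report = checkSetCookies("backend.com", fromPost);
console.log(report);
```
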