我无法以任何浏览器都接受302响应的方式,从服务器端为本地主机设置cookie。当浏览器收到响应时,我可以看到下一个标题(其中一些):
Request URL: https://non-localhost-server-url
Request Method: GET
Status Code: 302 Found
Referrer Policy: no-referrer-when-downgrade
Response Headers
view source
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 0
location: http://127.0.0.1:8081/
Server: nginx
set-cookie: token=XXXXXXXXX; Version=1; Domain=127.0.0.1; Path=/
Request Headers
view source
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,uk;q=0.8,ru;q=0.7
Connection: keep-alive
Referer: http://127.0.0.1:8081/login
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
,但是浏览器无法保存cookie(我正在Chrome的内容设置中检查它)。我试图将cookie的域设置为localhost而不是完全不设置域,但这没有帮助。 也许应该出现一些其他标题?预先感谢。
答案 0 :(得分:0)
Request URL: https://non-localhost-server-url
HTTP响应只能为请求的域设置cookie。
您无法重定向到其他域并设置用于该域的cookie。
如果网站可以为其他任意网站设置Cookie,那将是一个主要的安全问题。