这很奇怪,但是我只在android设备上的react-native应用程序中看不到我的Express服务器中的一些set-cookie标头!
我在我的node.js服务器上使用express
const express = require('express');
const csrf = require('csurf');
const cookieParser = require('cookie-parser');
const session = require('express-session');
const bodyParser = require('body-parser');
app.use(cookieParser());
app.use(session({
name: 'sid',
secret: CONSTANTS.SESSION_SECRET,
resave: false,
saveUninitialized: true
}));
// parse application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({ extended: false }));
// parse application/json
app.use(bodyParser.json());
const csrfProtection = csrf();
app.use(csrfProtection);
app.get('/', (request, response, next) => {
response.cookie('csrftoken', request.csrfToken());
response.status(200).send(...);
});
我只是设置了csrftoken cookie并发送了一些响应;
在客户端上,我首先获得邮件页面:
fetch(URL_INDEX, {
method: 'GET',
headers: {
'User-Agent': USER_AGENT,
Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
}
}).then((response) => {
//check response here <--------------------------------
processCookies(response);
return response;
})
我在调试器中看到的答案:
在IOS中
Headers
map:Object
connection:"keep-alive"
content-length:"11716"
content-type:"text/html; charset=utf-8"
date:"Fri, 08 Feb 2019 10:58:25 GMT"
etag:"W/"2dc4-Ew7HRSMcOHECQlBtXIfAuuPw/Vs""
set-cookie:"csrftoken=bzKoDm5w-CdiLpGk0NWZ1TxaACRNJoRvVeng; Path=/, sid=s%3AGLvycaobuCL7xyIiNRBCXHSZU3SmHmAJ.vv9dzPurvicFvMb%2FkeB9Lshy6ZAQ0SvsMm8cR2ij9O8; Path=/; HttpOnly"
x-powered-by:"Express"
在Android中
Headers
map: Object
connection:"keep-alive"
content-length:"11716"
content-type:"text/html; charset=utf-8"
date:"Fri, 08 Feb 2019 10:52:52 GMT"
etag:"W/"2dc4-Ew7HRSMcOHECQlBtXIfAuuPw/Vs""
set-cookie:"sid=s%3AOgeCB1Xsu8yA0SKiXF5Xgdc5pE-gSjfs.cDNHgzc41X1JmnUKmY6Hn3J2%2BrjxbXpBt7%2FhXwN6HbQ; Path=/; HttpOnly"
x-powered-by:"Express"
您可以看到ios中存在csrftoken cookie作为响应,但在android上我们看不到它。
有什么想法吗?