Set-Cookie标头未显示在Google Chrome中

时间:2019-04-17 22:20:33

标签: angular google-chrome spring-boot http

问题

我正在运行带有设置cookie的Post端点的Spring Boot服务器。当从我的角度应用向终端发出请求时,我在Chrome开发控制台的响应标题中看不到Set-Cookie标头。为什么Set-Cookie标头不显示?

调查摘要

使用curl时,Set-Cookie响应标头确实显示在响应标头中,Safari中也存在Set-Cookie,并且它显示在chrome net-export日志中。

环境

  • 我在Mac上的/ etc / hosts文件中为xxx.com添加了一个指向我的本地主机的条目。
  • 我正在runtime.libcCallruntime.asmcgocall命令托管角度UI。
  • 我正在ng serve --host 0.0.0.0 --disable-host-check上运行spring boot服务器
  • 感兴趣的帖子终点位于http://example.com:4200
  • 使用最新版本的Chrome http://example.com:8080

尝试调试

Safari

Set-Cookie标头在Safari开发人员控制台的响应标头中可见。

Chrome

Chrome开发者控制台

转到devconsole->网络->验证请求。我查看了请求和响应头,而Set-Cookie不在那儿。

请求标头

http://example.com:8080/accounts/v1/user/authenticate

响应头

Version 73.0.3683.103 (Official Build) (64-bit)

使用Chrome chrome:// net-export /

我保存了发布请求的日志。有趣的是,Set-Cookie标头确实出现在这些日志中。此外,Cookie标头的确也会显示在请求中(可能是从以前的尝试中保存的)。

Accept: application/json, text/plain, */*
Content-Type: application/json
Origin: http://example.com:4200
Referer: http://example.com:4200/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

使用Chrome选项

一些帖子建议禁用此Chrome选项Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://example.com:4200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: keep-alive Content-Type: application/json;charset=UTF-8 Date: Wed, 17 Apr 2019 21:58:52 GMT Expires: 0 Pragma: no-cache Server: nginx/1.15.6 Transfer-Encoding: chunked Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block 。但这没有效果。

角度

在我的发帖请求中添加了t=190196 [st= 0] +REQUEST_ALIVE [dt=125] --> priority = "MEDIUM" --> url = "http://example.com/accounts/v1/user/authenticate" t=190196 [st= 0] NETWORK_DELEGATE_BEFORE_URL_REQUEST [dt=0] t=190196 [st= 0] +URL_REQUEST_START_JOB [dt=124] --> load_flags = 0 (NORMAL) --> method = "POST" --> privacy_mode = 0 --> upload_id = "0" --> url = "http://example.com/accounts/v1/user/authenticate" t=190197 [st= 1] NETWORK_DELEGATE_BEFORE_START_TRANSACTION [dt=0] t=190197 [st= 1] HTTP_CACHE_GET_BACKEND [dt=0] t=190197 [st= 1] +HTTP_STREAM_REQUEST [dt=0] t=190197 [st= 1] HTTP_STREAM_JOB_CONTROLLER_BOUND --> source_dependency = 16598 (HTTP_STREAM_JOB_CONTROLLER) t=190197 [st= 1] HTTP_STREAM_REQUEST_BOUND_TO_JOB --> source_dependency = 16599 (HTTP_STREAM_JOB) t=190197 [st= 1] -HTTP_STREAM_REQUEST t=190197 [st= 1] UPLOAD_DATA_STREAM_INIT [dt=0] --> is_chunked = false --> net_error = 0 (?) --> total_size = 43 t=190197 [st= 1] +HTTP_TRANSACTION_SEND_REQUEST [dt=0] t=190197 [st= 1] HTTP_TRANSACTION_SEND_REQUEST_HEADERS --> POST /accounts/v1/user/authenticate HTTP/1.1 Host: example.com Connection: keep-alive Content-Length: 43 Accept: application/json, text/plain, */* Origin: http://example.com:4200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 Content-Type: application/json Referer: http://example.com:4200/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: Authorization="xxxx" t=190197 [st= 1] HTTP_TRANSACTION_SEND_REQUEST_BODY --> did_merge = false --> is_chunked = false --> length = 43 t=190197 [st= 1] UPLOAD_DATA_STREAM_READ [dt=0] --> current_position = 0 t=190197 [st= 1] UPLOAD_DATA_STREAM_READ [dt=0] --> current_position = 43 t=190197 [st= 1] -HTTP_TRANSACTION_SEND_REQUEST t=190197 [st= 1] +HTTP_TRANSACTION_READ_HEADERS [dt=122] t=190197 [st= 1] HTTP_STREAM_PARSER_READ_HEADERS [dt=122] t=190319 [st=123] HTTP_TRANSACTION_READ_RESPONSE_HEADERS --> HTTP/1.1 200 OK Server: nginx/1.15.6 Date: Wed, 17 Apr 2019 21:27:35 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Expires: 0 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: Authorization="xxxx"; Version=1; Domain=.example.com; Max-Age=1031; Expires=Wed, 17-Apr-2019 21:44:46 GMT X-XSS-Protection: 1; mode=block Pragma: no-cache X-Frame-Options: DENY Access-Control-Allow-Origin: http://example.com:4200 Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff t=190319 [st=123] -HTTP_TRANSACTION_READ_HEADERS t=190319 [st=123] NETWORK_DELEGATE_HEADERS_RECEIVED [dt=0] t=190320 [st=124] -URL_REQUEST_START_JOB t=190320 [st=124] URL_REQUEST_DELEGATE_RESPONSE_STARTED [dt=0] t=190320 [st=124] HTTP_TRANSACTION_READ_BODY [dt=1] t=190321 [st=125] URL_REQUEST_JOB_FILTERED_BYTES_READ --> byte_count = 698 --> bytes = "xxxx" t=190321 [st=125] HTTP_TRANSACTION_READ_BODY [dt=0] t=190321 [st=125] -REQUEST_ALIVE 选项(成角度)。但这并不能解决问题。

卷曲

我尝试使用curl模拟来自UI的请求

chrome://flags/#site-isolation-trial-opt-out

请求的响应标头包含设置的cookie标头

withCredentials: true

2 个答案:

答案 0 :(得分:0)

我注意到了相同的行为(使用Chrome 75)。我不知道为什么Chrome开发人员工具在“网络”标签下不显示Set-Cookie响应标头。 (似乎应该如此。)但是,如果您在“应用程序”选项卡下查看,则可以验证是否已设置cookie(请参阅“应用程序”->“存储”->“ cookies”)。在这里,您还可以编辑和清除Cookie。

答案 1 :(得分:0)

这似乎是由于 Chrome 中的一个错误造成的。将 Chrome 更新到最新版本为我解决了这个问题。