浏览器未设置CORS Cookie,响应中包含Cookie

时间:2019-06-14 06:41:06

标签: node.js session cookies cors session-cookies

我正在将http请求发送到node.js服务器的API端点,此响应包含cookie,并显示在mozilla调试器中。我正在通过 localhost.org 或虚拟主机(例如 myapp.example.com )发送此请求。 我也尝试了AJAX XMLHTTPRequest和angular http 还为AJAX添加 xhrFields:{withCredentials:true} 凭据:“ include” (用于提取等)

但是浏览器未设置cookie,我已经尝试了2天,但此问题尚未解决。

这是发送ajax请求的util函数 

function sendServerRequest(url,method,data) {
return new Promise(function ( resolve ) {
    resolve($.ajax({
        url,
        method: method || 'GET',
        data,
        xhrFields: {withCredentials: true},
        crossDomain: true,
        success: function ( data ) {
            return data
        },
        error: function ( err ) {
            try {
                let responseStatus = err.responseJSON
                if ( responseStatus.status === sessionExpires ) {
                    sessionExpireCall(responseStatus.message)
                }
            } catch ( e ) {
                console.log('Failed to get response');
            }
        }
    }));
 })
}

响应原始 

HTTP/1.1 200 OK
X-RateLimit-Limit: 13000
X-RateLimit-Remaining: 12996
Date: 2019-06-26 06:17:56
X-RateLimit-Reset: 1561533343
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: http://192.168.10.3
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type,             
Authorization
Access-Control-Allow-Credentials: true
set-cookie: true
set-cookie: driverId=c81e728d9d4c2f636f067f89cc14862c; Max-Age=3600;       
Domain=192.168.10.3; Path=/; Expires=Wed, 26 Jun 2019 07:17:56 GMT
set-cookie: driverName=kamran; Max-Age=3600; Domain=192.168.10.3; Path=/; 
Expires=Wed, 26 Jun 2019 07:17:56 GMT
set-cookie: connect.sid=s%3AX- syECgzpFEZhh4d5B_xfStUoYPrO3p1.%2FPj%2BMo7UnaZto6OGoP%2BOjdKvrJ%2F3Fm%2Bn1BJ%2FXU7Qdh8; Domain=192.168.10.3; Path=/; Expires=Wed, 26 Jun 2019 07:17:56 GMT; HttpOnly
Content-Type: application/json; charset=utf-8
Content-Length: 34
ETag: W/"22-tpsDmOyD3m/F84/JvyRCwDCbeY8"
Connection: keep-alive

{"detail":"verified","status":200}

请求原始 

GET http://localhost:3000/driverboard/verifycode? 
mobile=923002222222&vcode=2609 HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Accept: */*
Origin: http://192.168.10.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Referer: http://192.168.10.3/capptin-driverboard/verification.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: true

http request snapshot

2 个答案:

答案 0 :(得分:5)

CORS与Cookie无关,而CORS与HTTP标头有关。它允许发出跨域请求(从一个域到另一个域。例如,从myapp.example.com到google.com)。 Cookie仅发送到同一域,例如,从myapp.example.com发送,您可以将Cookie发送到同一域.example.com

文档在https://developer.mozilla.org/ru/docs/Web/HTTP/CORS

答案 1 :(得分:1)

您可以使用“ /”作为路径将cookie附加到响应中。

在c#核心中添加cookie。将其附加到响应:

<?php 
class MyClass
{
    public $first_name;
}

$data = json_decode(file_get_contents('abd.json'), true);

$user = new MyClass();
$user->first_name = $data['firstname'];

或在javascript中创建cookie:

context.Response.Cookies.Append(cookieNameAsString, cookieValue, new CookieOptions()
    {
        Expires = time,
         Path = "/",
     });
相关问题
最新问题