我正在尝试在REST API上使用Flask上的会话来在浏览器上设置Cookie。当使用Postman请求API时,Cookie设置正确,但是当我尝试在NGINX Web服务器上使用Javascript调用路由时,Cookie似乎不起作用。
我的应用程序配置为:
app.py:
from flask import Flask, session, jsonify
from flask_cors import CORS
app = Flask(__name__)
CORS(app)
app.secret_key = "0552bcfda3f98940bfecd53296d12c65"
@app.route('/login', methods=['POST'], endpoint='login')
def login():
session['exists'] = 'yes'
return jsonify({'message': 'logged'})
if __name__ == '__main__':
app.run(port=8000, debug=True)
index.html:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
</head>
<body>
<input id="btn-submit" type="submit"><br>
<script>
var buttonSubmit = document.querySelector('#btn-submit')
buttonSubmit.addEventListener("click", (event) => {
event.preventDefault()
var request = new XMLHttpRequest();
request.open("POST", "http://127.0.0.1:8000/login", true)
request.setRequestHeader("Content-type", "application/json")
request.send()
})
</script>
</body>
</html>
/ etc / nginx / sites-enabled / app:
server {
listen 80 default_server;
location / {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
root /home/Documents/Python/;
index index.html;
}
location /app {
rewrite ^/app/(.*) /$1 break;
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP ip_address;
}
}