Session Flask不会在浏览器上设置Cookie,Postman会设置

时间:2019-10-02 02:40:51

标签: javascript python nginx flask cookies

我正在尝试在REST API上使用Flask上的会话来在浏览器上设置Cookie。当使用Postman请求API时,Cookie设置正确,但是当我尝试在NGINX Web服务器上使用Javascript调用路由时,Cookie似乎不起作用。

我的应用程序配置为:

app.py:

from flask import Flask, session, jsonify
from flask_cors import CORS

app = Flask(__name__)
CORS(app)
app.secret_key = "0552bcfda3f98940bfecd53296d12c65"

@app.route('/login', methods=['POST'], endpoint='login')
def login():
    session['exists'] = 'yes'
    return jsonify({'message': 'logged'})

if __name__ == '__main__':
    app.run(port=8000, debug=True)

index.html:

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <meta http-equiv="X-UA-Compatible" content="ie=edge">
        <title>Document</title>
    </head>
    <body>
        <input id="btn-submit" type="submit"><br>
    <script>

    var buttonSubmit = document.querySelector('#btn-submit')

    buttonSubmit.addEventListener("click", (event) => {
    event.preventDefault()
        var request = new XMLHttpRequest();
        request.open("POST", "http://127.0.0.1:8000/login", true)
        request.setRequestHeader("Content-type", "application/json")
        request.send()
    })
    </script>
    </body>
</html>

/ etc / nginx / sites-enabled / app:

server {
    listen 80 default_server;
    location / {
    if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';

        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
        }
    if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
    if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
    root /home/Documents/Python/;
    index index.html;
    }
    location /app {
    rewrite ^/app/(.*) /$1 break;
    proxy_pass http://127.0.0.1:8000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP ip_address;
    }
}

0 个答案:

没有答案