I am running the example instance of the node-oidc-provider library. After registering a client, I send a request to the /auth route with scope, response_type, redirect_uri and client_id as the query string. I inspected the request and response in Chrome dev-tools, and the result is:

http://localhost:3000/auth?scope=openid&response_type=code&redirect_uri=http://localhost:9000/callback&client_id=yZp54Rngmg-dhW4EBE4AR
General
Request URL: http://localhost:3000/auth?scope=openid&response_type=code&redirect_uri=http://localhost:9000/callback&client_id=yZp54Rngmg-dhW4EBE4AR
Request Method: GET
Status Code: 302 Found
Remote Address: [::1]:3000
Referrer Policy: no-referrer-when-downgrade
Response Headers
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Length: 99
Content-Type: text/html; charset=utf-8
Date: Wed, 13 Nov 2019 13:28:59 GMT
Location: /interaction/OLTLNFgeyTyRg2IuLgiAN
Pragma: no-cache
Set-Cookie: _interaction=OLTLNFgeyTyRg2IuLgiAN; path=/interaction/OLTLNFgeyTyRg2IuLgiAN; expires=Wed, 13 Nov 2019 13:38:59 GMT; samesite=lax; httponly
Set-Cookie: _interaction.sig=5bUYuQJjjZcDmNSPc3mHM83ENKM; path=/interaction/OLTLNFgeyTyRg2IuLgiAN; expires=Wed, 13 Nov 2019 13:38:59 GMT; samesite=lax; httponly
Set-Cookie: _interaction_resume=OLTLNFgeyTyRg2IuLgiAN; path=/auth/OLTLNFgeyTyRg2IuLgiAN; expires=Wed, 13 Nov 2019 13:38:59 GMT; samesite=lax; httponly
Set-Cookie: _interaction_resume.sig=L40H4_SuZeZsqdrZIx5c1k25-Bw; path=/auth/OLTLNFgeyTyRg2IuLgiAN; expires=Wed, 13 Nov 2019 13:38:59 GMT; samesite=lax; httponly
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Request Headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Host: localhost:3000
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Upgrade-Insecure-Requests: 1
Query String Parameters
scope: openid
response_type: code
redirect_uri: http://localhost:9000/callback
client_id: yZp54Rngmg-dhW4EBE4AR
As you can see, I get the _interaction, _interaction.sig, _interaction_resume and _interaction_resume.sig cookies in the response headers, together with Location: /interaction/OLTLNFgeyTyRg2IuLgiAN. Now I would like you to pay attention to the cookies sent in the request headers of the redirected (follow-up) request. Here are the request and response.
General
Request URL: http://localhost:3000/interaction/OLTLNFgeyTyRg2IuLgiAN
Request Method: GET
Status Code: 200 OK
Remote Address: [::1]:3000
Referrer Policy: no-referrer-when-downgrade
Response Headers
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Length: 5476
Content-Type: text/html; charset=utf-8
Date: Wed, 13 Nov 2019 13:28:59 GMT
ETag: W/"1564-vNoZwgSPXxSbBvmZ0SN4XEM8GlY"
Pragma: no-cache
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Request Headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Cookie: _interaction=OLTLNFgeyTyRg2IuLgiAN; _interaction.sig=5bUYuQJjjZcDmNSPc3mHM83ENKM
Host: localhost:3000
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Upgrade-Insecure-Requests: 1
In the request headers, only two cookies are sent, namely _interaction and _interaction.sig. I would like to know where the logic that filters out the cookies from the request lives. Is this the default behaviour of the user agent (e.g. my Chrome)? What I know is that the temporary redirect happens immediately, which is the desired behaviour. I read the MDN documentation on Redirections in HTTP and on Location. Although those resources were very helpful, they could not answer my question. If you can, please give me any pointers.
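The cookie selection seen above is decided by the user agent's cookie store, not by the server: each Set-Cookie in the first response carries a Path attribute, and a browser only attaches a cookie to a request whose path "path-matches" that attribute (RFC 6265, section 5.1.4). The following is an added example, not code from the post or from node-oidc-provider: a minimal JavaScript model of that path-match rule (assumed simplification: Domain, Secure, SameSite and expiry are ignored), fed with the four Set-Cookie values from the question, so you can see why only the two /interaction cookies reach /interaction/OLTLNFgeyTyRg2IuLgiAN while the _interaction_resume pair is held back for /auth/OLTLNFgeyTyRg2IuLgiAN.

```javascript
// Added example (not from the original post or node-oidc-provider): a minimal model of
// the user agent's cookie-path selection from RFC 6265 section 5.1.4. Domain, Secure,
// SameSite and expiry handling are deliberately left out (assumed simplification).

// The four Set-Cookie values from the first response in the question, copied verbatim.
const SET_COOKIE_HEADERS = [
  "_interaction=OLTLNFgeyTyRg2IuLgiAN; path=/interaction/OLTLNFgeyTyRg2IuLgiAN; expires=Wed, 13 Nov 2019 13:38:59 GMT; samesite=lax; httponly",
  "_interaction.sig=5bUYuQJjjZcDmNSPc3mHM83ENKM; path=/interaction/OLTLNFgeyTyRg2IuLgiAN; expires=Wed, 13 Nov 2019 13:38:59 GMT; samesite=lax; httponly",
  "_interaction_resume=OLTLNFgeyTyRg2IuLgiAN; path=/auth/OLTLNFgeyTyRg2IuLgiAN; expires=Wed, 13 Nov 2019 13:38:59 GMT; samesite=lax; httponly",
  "_interaction_resume.sig=L40H4_SuZeZsqdrZIx5c1k25-Bw; path=/auth/OLTLNFgeyTyRg2IuLgiAN; expires=Wed, 13 Nov 2019 13:38:59 GMT; samesite=lax; httponly",
];

// Default-path algorithm (RFC 6265 5.1.4): used when a cookie has no Path attribute.
// Everything up to, but not including, the last "/" of the request path; "/" if none.
function defaultPath(requestPath) {
  if (!requestPath.startsWith("/")) return "/";
  const i = requestPath.lastIndexOf("/");
  return i === 0 ? "/" : requestPath.slice(0, i);
}

// Parse one Set-Cookie header into { name, value, path }. requestPath is the path of
// the response that set the cookie, needed only for the default-path fallback.
function parseSetCookie(header, requestPath) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: defaultPath(requestPath) };
  for (const attr of attrs) {
    const k = attr.indexOf("=");
    const name = (k === -1 ? attr : attr.slice(0, k)).toLowerCase();
    const v = k === -1 ? "" : attr.slice(k + 1);
    if (name === "path" && v.startsWith("/")) cookie.path = v; // non-"/" values fall back to default-path
  }
  return cookie;
}

// Path-match algorithm (RFC 6265 5.1.4): the cookie-path must equal the request-path,
// or be a prefix of it that either ends in "/" or is followed by "/" in the request-path.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Build the Cookie header value a user agent would attach to a request for requestPath.
function cookiesFor(jar, requestPath) {
  return jar.filter((c) => pathMatches(requestPath, c.path)).map((c) => `${c.name}=${c.value}`).join("; ");
}

const jar = SET_COOKIE_HEADERS.map((h) => parseSetCookie(h, "/auth"));
console.log(cookiesFor(jar, "/interaction/OLTLNFgeyTyRg2IuLgiAN")); // the two _interaction cookies only
console.log(cookiesFor(jar, "/auth/OLTLNFgeyTyRg2IuLgiAN"));        // the two _interaction_resume cookies only
```

Note that path scoping is a convenience for the browser, not an isolation boundary: a page on the same origin can still read cookies set for other paths, so the security of these values rests on the signature cookies and HttpOnly, not on Path.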