使用台式机浏览器(仅适用于Chrome)时,我可以正常登录并登录端点,但是尝试使用移动浏览器登录或登录时,服务器超时。我怀疑这是因为我的会话cookie和csurf cookie没有随我的获取请求一起发送。
我已经在移动浏览器上打开了Safari开发,并且它不显示任何cookie。我现在怀疑这是因为MaxAge-
请注意,我的api和客户端位于单独的域(Heroku和Netlify)上。请参见下面的代码:
CORS选项
const options = {
origin: "clientUrl",
methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
allowedHeaders: [
"Content-Type",
"Access-Control-Allow-Headers",
"Access-Control-Allow-Origin",
"Authorization",
"csrf-token"
],
exposedHeaders: [
"Content-Type",
"Access-Control-Allow-Headers",
"Access-Control-Allow-Origin",
"Authorization",
"csrf-token"
],
maxAge: 3600,
preflightContinue: true,
credentials: true
};
CSURF配置
app.use(
csurf({
cookie: true,
domain: "clientUrl",
sameSite: "none"
})
);
Express Session Config
app.use(
session({
//This is our Encryption Key
secret: process.env.sessionCode,
//We set resave to false because our mongo store implements the "touch" function
resave: false,
//We Set saveUninitialized to false because we don't want to save unmodified
//sessions to our mongo store
secure: true,
domain: "clientUrl",
saveUninitialized: false,
unset: "destroy",
sameSite: "none",
store: new MongoStore({
mongooseConnection: mongoose.connection,
//We encrypt out store code
code: process.env.storeCode
})
})
);