请帮助我弄清楚为什么在响应标头中存在Set-Cookie标头的情况下,浏览器(Chrome和其他任何浏览器)却未设置Cookie的原因:
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 345
Content-Type: application/json; charset=utf-8
Date: Sat, 18 Jan 2020 21:15:53 GMT
ETag: W/"159-UXuykOchcveuYBb7xZpN5Luf3jU"
Set-Cookie: jwt=************; Path=/; Expires=Fri, 17 Apr 2020 21:15:53 GMT; HttpOnly
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
我的应用运行在:http://localhost:8080
答案 0 :(得分:1)
您似乎正在使用CORS。
要设置带有CORS的Cookie,您需要在发出请求时设置topic_created_at
标志。
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials
服务器将需要返回标头topic_id
。您还需要更改SELECT c.`id`, w.`qty`, COUNT(c.`id`) AS pieces, c.`location`
FROM `control` AS c
LEFT JOIN `warehouse` AS w ON w.`id` = c.`id`
WHERE c.`code` = '40'
GROUP BY c.`id`
,因为您不能在使用凭据的请求上使用通配符。
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
从Chrome 80开始,您还需要在Cookie上设置`control` c `warehouse` w
+----+--------+------+----------+ +------+-------+
| id | pieces | code | location | | id | qty |
+----+--------+------+----------+ +------+-------+
| 112| 112-1 | 40 | london | | 112 | 3 |
| 112| 112-2 | 40 | london | | 113 | 3 |
| 112| 112-3 | 40 | london | | 114 | 1 |
| 113| 113-1 | 40 | italy | | 115 | 1 |
| 113| 113-2 | 40 | italy | +--------------+
| 113| 113-3 | 40 | italy |
| 114| 114-1 | 41 | france |
| 115| 115-1 | 41 | france |
| 112| 112-1 | 40 | germany |
| 112| 112-2 | 40 | germany |
| 112| 112-3 | 40 | germany |
| 113| 112-1 | 40 | russia |
| 113| 112-2 | 40 | russia |
| 113| 112-3 | 40 | russia |
| 112| 112-1 | 40 | poland |
| 112| 112-2 | 40 | poland |
| 112| 112-3 | 40 | poland |
+-------------------------------+
和+-----+-----+--------+----------+
| id | qty | pieces | location |
+-----+-----+--------+----------+
| 112 | 3 | 9 | poland |
| 113 | 3 | 6 | russia |
+-------------------------------+
指令。
https://www.chromestatus.com/feature/5088147346030592
https://www.chromestatus.com/feature/5633521622188032
https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy/
要检查是否设置了cookie,您不能简单地打开应用程序> cookie 来检查cookie。 cookie将设置为+-----+-----+--------+----------+
| id | qty | pieces | location |
+-----+-----+--------+----------+
| 112 | 3 | 3 | london |
| 113 | 3 | 3 | italy |
| 112 | 3 | 3 | germany |
| 113 | 3 | 3 | russia |
| 112 | 3 | 3 | poland |
+-------------------------------+
,因此查看GROUP BY
的cookie不会显示它。相反,您需要打开另一个指向pieces
的标签,然后在其中查看 Application> Cookies 。 Cookie在标签之间共享,因此您仍然可以查看由原始withCredentials
标签设置的Cookie。
让跨域Cookie与Safari配合使用是另一回事。如果您需要支持Safari,建议您做一些研究,因为您可能需要完全采用其他策略。