简体繁体 English

从另一个域的服务器读取Cookie

[英]Reading cookies from server from another domain

原文 2015-01-05 16:32:10 8 1 javascript/ angularjs/ web-services/ rest/ cookies

I have a UI in AngularJS making calls to REST webservice in Java. 我在AngularJS中有一个UI，可以用Java调用REST Web服务。 Both are deployed on different domains. 两者都部署在不同的域上。 The webservice and AngularJS both have CORS enabled. webservice和AngularJS都启用了CORS。

The webservice returns a cookie as part of one REST request. Web服务将cookie作为一个REST请求的一部分返回。 The cookie has the webservice domain in it. Cookie中包含Web服务域。

In my AngularJS app, I will be making that REST request to the server and then have to read that cookie returned as response. 在我的AngularJS应用中，我将向服务器发出REST请求，然后必须读取作为响应返回的cookie。

How can I read the cookie returned back from that webservice? 我如何读取从该Web服务返回的cookie？ I have read that I cannot access the cookies which are from different domain. 我已阅读到我无法访问来自不同域的cookie。 I have not exactly understood how does this actually work. 我还不完全了解这实际上是如何工作的。

Another question is that if I cannot read the cookie, then can I set cookie from AngularJS app for that domain and that will be sent across to the webservice? 另一个问题是，如果我无法读取Cookie，那么我可以从AngularJS应用中为该域设置Cookie，并将其发送到Web服务吗？

1 个解决方案

You can't access cookies from another domain via JS, and may not be able to access them at all from JS depending on the properties of the cookie. 您无法通过JS从另一个域访问cookie，并且可能完全无法从JS访问它们，具体取决于cookie的属性。 This is all enforced by the browser. 这全部由浏览器强制执行。

If you are using an API hosted on another domain, then you might consider using tokens and local storage , and then using an HttpInterceptor to add the security token to your headers when making calls. 如果您使用的是托管在另一个域上的API， 则可以考虑使用令牌和本地存储，然后在调用时使用HttpInterceptor将安全令牌添加到标头中。

If your security infrastructure depends on you having cookies , then you are going to have to use some kind of shared token that can be exchanged for a cookie on both domains. 如果您的安全基础结构依赖于您拥有cookie ，那么您将不得不使用某种可以在两个域上交换为cookie的共享令牌。