无法访问 Set-cookie 响应标头和/或 cookie 请求标头
[英]Unable to access Set-cookie response header and/or cookie request header
问题描述
I am trying to login into a platform using REST API.
我正在尝试使用 REST API 登录平台。 The platform Doc about REST API authentication say that when authenticated after posting the credential the post will return session cookie to send back on all subsequent authenticated requests.关于 REST API 身份验证的平台文档说,在发布凭据后进行身份验证时,该帖子将返回会话 cookie 以在所有后续经过身份验证的请求上发回。 The problem is I'm using cross domain which doesn't let me access to Set-cookie header or to cookie header.问题是我正在使用跨域,它不允许我访问 Set-cookie 标头或 cookie 标头。 I tried many things I saw on forums.我尝试了很多我在论坛上看到的东西。
This is the actual server configuration:这是实际的服务器配置:
Access-Control-Allow-Origin:*;Access-Control-Allow-Methods:GET, POST, OPTIONS;Access-Control-Expose-Headers:Set-Cookie;Access-Control-Allow-Headers:Set-Cookie;HttpOnly:false;
This the response headers I get after the post using this configuration:这是我使用此配置发布后获得的响应标头:
Access-Control-Allow-Headers:Set-Cookie
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:http://127.0.0.1:4482
Access-Control-Expose-Headers:Set-Cookie
Cache-Control:no-cache, no-store, private
Connection:keep-alive
Content-Length:10
Content-Type:text/plain; charset=utf-8
Date:Wed, 23 Mar 2016 08:51:02 GMT
HttpOnly:false
Server:Wisp/1.0.67.13
Set-Cookie:fanws=071b2016-2718-f680-7149-000d3ab17336-cea3f199fc0dd453;Path=/
X-Frame-Options:SAMEORIGIN
The value in Set-cookie header is not automatically set in the browser and it seem to be impossible to get using JavaScript. Set-cookie header 中的值不会在浏览器中自动设置,使用 JavaScript 似乎无法获取。 When I type:当我输入:
console.log(headers.getAllResponseHeaders());
I don't even see the Set-Cookie in the console.我什至没有在控制台中看到 Set-Cookie。 All I get is this:我得到的只是这个:
Content-Type: text/plain; charset=utf-8
Cache-Control: no-cache, no-store, private
I also used this configuration server side:我也使用了这个配置服务器端:
Access-Control-Allow-Origin:http://127.0.0.1:4482;
Access-Control-Allow-Methods:GET, POST, OPTIONS;
Access-Control-Expose-Headers:Set-Cookie;
Access-Control-Allow-Headers:Set-Cookie;
HttpOnly:false;
Access-Control-Allow-Credentials:true;
The only thing that have changed in client side is that the Set-Cookie disappeared from response headers and a Cookie header having the same value appeared in the request headers:客户端唯一改变的是 Set-Cookie 从响应标头中消失,并且具有相同值的 Cookie 标头出现在请求标头中:
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Connection:keep-alive
Content-Length:103
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:fanws=071ad3d7-a5ad-4cc0-7ff4-000d3ab17336-d81da7968d36156c
Host:********
Origin:http://127.0.0.1:4482
Referer:http://127.0.0.1:4482/Skyspark.html
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
And I still have the same problem which is I can't access to cookies sent by server.而且我仍然遇到同样的问题,即我无法访问服务器发送的 cookie。
1 个解决方案
解决方案1
0 2016-03-23 11:13:02
The XHR API forbids direct access to cookie data . XHR API 禁止直接访问 cookie 数据。
Return all response headers, excluding headers that are a case-insensitive match for Set-Cookie or Set-Cookie2 , as a single string, with each header line separated by a U+000D CR U+000A LF pair, excluding the status line, and with each header name and header value separated by a U+003A COLON U+0020 SPACE pair.
You either need to pass the data using some other method, or just set withCredentials and let the browser handle the cookies internally.您要么需要使用其他方法传递数据,要么只需设置withCredentials并让浏览器在内部处理 cookie。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.