[英]Cookie in AJAX response from other domain not honored - are there workarounds
I have a server-side API on the domain api.example.com
我在域
api.example.com
上有一个服务器端 API
User is visiting www.website.com
where a script makes an XmlHttpRequest to api.example.com
and gets a response with a cookie.用户正在访问
www.website.com
,其中脚本向api.example.com
发出 XmlHttpRequest 并获得带有 cookie 的响应。
It appears the API's response cookie is not honored by the HTTP agent.看起来 API 的响应 cookie 不受 HTTP 代理的支持。
I'm aware of the non-cross-domain-leaking-cookie policy, but I thought the domain here would be api.example.com
.我知道非跨域泄漏 cookie 策略,但我认为这里的域是
api.example.com
。 Seems I guessed wrong.好像猜错了
Is there some other way that my API on api.example.com
could remember user data from one site to another?我在
api.example.com
API api.example.com
可以通过其他方式记住从一个站点到另一个站点的用户数据? If not, how could services like Criteo and other retargeting sites work, from this point of view?如果没有,从这个角度来看,像 Criteo 和其他重定向网站这样的服务如何工作?
Make sure your API set:确保您的 API 设置:
Access-Control-Allow-Credentials
header to true
in possible preflight response and regular response, Access-Control-Allow-Credentials
标头在可能的预检响应和常规响应中设置为true
,Access-Control-Allow-Origin
header to value of the origin from the actual request, Access-Control-Allow-Origin
标头到来自实际请求的源值,XMLHttpRequest.withCredentials
to true
.XMLHttpRequest.withCredentials
设置为true
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.