
Why does Chrome ignore Set-Cookie header?

Chrome has a long history of ignoring the Set-Cookie header. Some of these reasons have been termed bugs and fixed, others are persistent. None of them are easy to find in documentation.

  • Set-Cookie not allowed in 302 redirects
  • Set-Cookie not allowed if host is localhost
  • Set-Cookie not allowed if Expires is out of acceptable range

I am currently struggling with getting Chrome to accept a simple session cookie. Firefox and Safari seem to accept most any RFC compliant string for Set-Cookie. Chrome stubbornly refuses to acknowledge that a Set-Cookie directive was even sent on the request (does not show up in Developer Tools (Network)). curl looks fine.

So does anyone have either 1) modern best practices for cross-browser Set-Cookie formatting or 2) more information regarding what can cause Chrome to bork here?

Thanks.

One thing that has bitten me and is not on your list: if you are trying to set a secure cookie through HTTP on localhost, Chrome will reject it because you are not using HTTPS.

This kind of makes sense, but is annoying for local development. (Firefox apparently makes an exception for this case and allows setting secure cookies over HTTP on localhost.)
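The check described in the answer above, written as a small Node.js lint you could run over a response header during local development. This is an added example, not part of the original posts: `parseSetCookie`, `checkSetCookie` and the `localhostIsSecure` option are hypothetical names, the header strings are constructed samples, and the SameSite and prefix checks go beyond the answer's single case, following the rules in the current cookie specification draft (RFC 6265bis).

```javascript
// Added example: lint a Set-Cookie header against the URL that served it.
// Function and option names are hypothetical, not a browser or Node API.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq < 0 ? '' : pair.slice(0, eq),
    value: eq < 0 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i < 0 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i < 0 ? true : a.slice(i + 1).trim();
  }
  return cookie;
}

// localhostIsSecure=false models the rejection described in the answer;
// true models the localhost exception the answer attributes to Firefox.
function checkSetCookie(header, requestUrl, { localhostIsSecure = false } = {}) {
  const { name, attrs } = parseSetCookie(header);
  const url = new URL(requestUrl);
  const secureCtx = url.protocol === 'https:' ||
    (localhostIsSecure && url.hostname === 'localhost');
  const problems = [];
  if (attrs.secure && !secureCtx)
    problems.push('Secure cookie set over a non-HTTPS connection');
  if (String(attrs.samesite).toLowerCase() === 'none' && !attrs.secure)
    problems.push('SameSite=None without Secure');
  if (name.startsWith('__Secure-') && !(attrs.secure && secureCtx))
    problems.push('__Secure- prefix requires Secure over HTTPS');
  if (name.startsWith('__Host-') &&
      !(attrs.secure && secureCtx && attrs.path === '/' && !('domain' in attrs)))
    problems.push('__Host- prefix requires Secure, Path=/ and no Domain');
  return problems;
}

// Constructed sample: a session cookie marked Secure, served by a dev server.
const sample = 'sid=abc123; Path=/; Secure; HttpOnly';
console.log(checkSetCookie(sample, 'http://localhost:3000/login'));
```

An empty array means none of these checks fired; it does not prove that a given browser will store the cookie.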
