[英]Cookies are not sent in cross-origin request
I'm working on little side project on my localhost and want it to send a JSON cross-origin request to my other server that implements some REST API in PHP.我正在我的本地主机上做一个小项目,并希望它向我的其他服务器发送一个 JSON 跨域请求,该服务器在 PHP 中实现了一些 REST API。
To process a request properly the server has to receive a cookie that is set when a user logs in.为了正确处理请求,服务器必须接收用户登录时设置的 cookie。
When I log in to my server and manually open API URL in a browser, I can see the Cookie:
header sent together with the request in F12 tools.当我登录到我的服务器并在浏览器中手动打开 API URL 时,我可以在 F12 工具中看到与请求一起发送的
Cookie:
标头。 However, when I do cross-origin request from a script on my localhost:但是,当我从本地主机上的脚本执行跨域请求时:
var xhr = new XMLHttpRequest();
xhr.open('GET', "https://devbox.my.domain/api.php", true);
xhr.setRequestHeader('Accept', 'application/json');
xhr.withCredentials = true;
xhr.send();
... Cookie:
header is not sent and I don't see any preflight OPTION
requests either when viewing Network
tab in F12 tools. ...
Cookie:
标头未发送,在 F12 工具中查看Network
选项卡时,我也没有看到任何预检OPTION
请求。
I'm not showing details of how I'm handling the request on the server with Access-Control-Allow-Origin: *
headers, etc because as you can see the problem occurs before, ie the server doesn't get the cookie in the first place.我没有显示我如何使用
Access-Control-Allow-Origin: *
标头等处理服务器上的请求的详细信息,因为正如您所看到的问题之前发生过,即服务器没有获取 cookie第一名。
The cookie has SameSite=Lax
, but that doesn't change the behavior. cookie 具有
SameSite=Lax
,但这不会改变行为。
Is there any way to force Cookie to be sent?有没有办法强制发送 Cookie?
如果要发送此 cookie 的内容,cookie 将保留在前端,则需要通过 get 调用或将其保存在标题中发送
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.