(仅限 Safari)Axios 请求不会将 cookie 发送到 Node.js/Express REST API
[英](Safari Only) Axios request does not send cookies to Node.js/Express REST API
问题描述
Problem
问题
I am building a Vue.js web app and a Node.js/Express REST API.我正在构建一个 Vue.js Web 应用程序和一个 Node.js/Express REST API。
When sending cookies after login, they are received, but not send back with the next request.登录后发送 cookie 时,它们会被接收,但不会与下一个请求一起发回。
Backend后端
Node.js/Express REST API (running locally over HTTP (not HTTPS) on http://localhost:3000 ) Node.js/Express REST API(在http://localhost:3000上通过 HTTP(非 HTTPS)本地运行)
CORS is enabled using middleware with the following options:使用具有以下选项的中间件启用 CORS:
app.use(require('cors')({
origin: ['http://127.0.0.1:8080', 'http://localhost:8080'],
methods: 'GET,POST,PUT,DELETE',
credentials: true
}))
After a successful login (which required a successful OPTIONS/preflight request), the response looks as follows:成功登录后(需要成功的 OPTIONS/预检请求),响应如下所示:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:8080
Content-Type: application/json; charset=utf-8
Vary: Origin
Set-Cookie: session=XXX; Max-Age=604800; Path=/api/v0; Expires=Thu, 02 Apr 2020 15:36:42 GMT; HttpOnly; SameSite=Lax
Set-Cookie: token=XXX; Max-Age=1800; Path=/api/v0; Expires=Thu, 26 Mar 2020 16:06:42 GMT; HttpOnly; SameSite=Lax
X-XSS-Protection: 1; mode=block
Date: Thu, 26 Mar 2020 15:36:42 GMT
Access-Control-Allow-Credentials: true
Content-Length: 203
Connection: keep-alive
X-Content-Type-Options: nosniff
ETag: W/"cb-dRDu0E2yjk3BHs7J/aXoYLLzsGM"
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
So to reiterate: cookies are set including Max-Age , Path , Expires , HttpOnly , and SameSite=Lax parameters after a successful CORS OPTIONS preflight request.所以重申:在成功的 CORS OPTIONS 预检请求后,cookie 的设置包括Max-Age 、 Path 、 Expires 、 HttpOnly和SameSite=Lax参数。
Frontend前端
Vue.js web app using Axios (running locally over HTTP (not HTTPS) on http://localhost:8080 )使用 Axios 的 Vue.js Web 应用程序(在http://localhost:8080上通过 HTTP(非 HTTPS)本地运行)
Requests are sent using Axios with the withCredentials: true option.使用带有withCredentials: true选项的 Axios 发送请求。 With Firefox, the token and session cookies are automatically included as a Cookie: session=XXX; token=XXX使用 Firefox,令牌和会话 cookie 会自动包含为Cookie: session=XXX; token=XXX Cookie: session=XXX; token=XXX header, but on Safari they are not. Cookie: session=XXX; token=XXX标头,但在 Safari 上它们不是。
import Axios, { AxiosResponse } from 'axios'
const API = Axios.create({
baseURL: 'http://127.0.0.1:3000/api/v0',
timeout: 5000,
withCredentials: true
})
...
async login(email: string, password: string): Promise<AuthenticationResponse> {
return handleResponse(API.post('/auth/login', { email, password }))
}
...
async getUserById(id: string): Promise<UserResponse> {
return handleResponse(API.get('/users/' + id))
}
How can I solve this?我该如何解决这个问题? Is Safari safer in some way that it is not willing to send the cookies? Safari 在某些方面是否更安全,它不愿意发送 cookie? What settings do I change on the frontend or backend?我在前端或后端更改哪些设置?
1 个解决方案
解决方案1
0 已采纳 2020-03-26 18:13:09
I figured it out and it's ridiculous...我想通了,这太荒谬了......
Navigate to the web app using 127.0.0.1:8080 instead of localhost:8080 and everything works as intended.使用127.0.0.1:8080而不是localhost:8080导航到 Web 应用程序,一切都按预期工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.