
Nuxtjs: How to use HttpOnly Cookies for Nuxt-Auth strategy

I worked previously with Vuejs and decided to take a look into NuxtJs. In my previous applications my server sends a HttpOnly cookie which my client couldn't read. So for auth I tried out NuxtAuth which has some strategies and I noticed that it is not possible to use a HttpOnly cookie as strategy. I think this is the limitation of the SSR. But is there a way to use HttpOnly Cookies with NuxtJs? My solution was to run API request only on Client-Side where I have the cookie. This seems to work but I think this is maybe not the ideal solution.

So furthermore how can I setup axios for dev and prod envs in the nuxt.config? When I use the baseURL attribute I always got CORS so I tried the proxy which works but the cookies are rejected with the message: The cookie "access_token_cookie" was declined due to invalid domain rights. I think this is because the proxy is localhost in dev, right? Is there a solution for that?

So any ideas how I can implement HttpOnly authentication in Nuxt?


You can easily set httpOnly cookie options to true:

auth: {
  cookie: {
    options: {
      httpOnly: true
    },
  },
}

I recommend you check the environment to be true only on production environment. Because if it is set to false on development, the token cookie is not accessible. You can write it like this:

httpOnly: process.env.NODE_ENV === 'production'

In the nuxt auth documentation, this option is not mentioned, but it works for me :)
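
The "invalid domain" rejection described in the question can be reproduced offline. The following is an added example, not code from the original posts: it assumes the API sets `Domain=api.example.com` (a constructed hostname and token value), applies the RFC 6265 domain-match rule, and shows that dropping `Domain` lets the proxied `localhost` origin keep the cookie with `HttpOnly` intact.

```javascript
// Added example; the header value and hostnames below are constructed.
const upstream =
  'access_token_cookie=CONSTRUCTED.TOKEN; Domain=api.example.com; Path=/; HttpOnly; SameSite=Lax';

// Parse one Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of rest.filter(Boolean)) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// RFC 6265 section 5.1.3: identical, or host ends with "." + domain
// (suffix matching never applies when the host is an IP address).
function domainMatches(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, '');
  const isIp = /^[\d.]+$/.test(h) || h.includes(':');
  return h === d || (!isIp && h.endsWith('.' + d));
}

// Would a browser that loaded the page from pageHost store this cookie?
function browserAccepts(pageHost, header) {
  const { domain } = parseSetCookie(header).attrs;
  // Missing or empty Domain means a host-only cookie for pageHost.
  if (typeof domain !== 'string' || domain === '') return true;
  return domainMatches(pageHost, domain);
}

// Dev-proxy rewrite: drop Domain, leave HttpOnly and the rest untouched.
function stripDomain(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const kept = rest.filter((s) => s && !/^domain(=|$)/i.test(s));
  return [pair, ...kept].join('; ');
}

console.log(browserAccepts('api.example.com', upstream)); // true
console.log(browserAccepts('localhost', upstream)); // false
console.log(browserAccepts('localhost', stripDomain(upstream))); // true
```

When the proxy is @nuxtjs/proxy, the underlying http-proxy library has a `cookieDomainRewrite` option that performs this kind of rewrite on proxied responses.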
