[英]How can you access cookies on a static S3 site behind a CloudFront distribution?
So I'm trying to deploy my website which works well when in a local environment, but when it is deployed to Cloudfront, it can't seem to access cookies.所以我正在尝试部署在本地环境中运行良好的网站,但是当它部署到 Cloudfront 时,它似乎无法访问 cookies。
My frontend tech stack is as follows: Angular site hosted on S3, cloudfront distribution in front of it, custom domain name with a valid ssl certificate.我的前端技术栈如下:托管在 S3 上的 Angular 站点,前面的云端分发,具有有效 ssl 证书的自定义域名。
When the user navigates to the login page, they can successfully submit the forum, and the server responds with a JWT token in the Set-Cookie
header.当用户导航到登录页面时,他们可以成功提交论坛,并且服务器响应
Set-Cookie
header 中的 JWT 令牌。
After this though, in the angular site it says that the access-token
cookie does not exist.但在此之后,在 angular 站点中,它说
access-token
cookie 不存在。 The strange part here is that on subsequent requests, the access-token
cookie is in fact forwarded back to the backend.这里奇怪的是,在后续请求中,
access-token
cookie 实际上被转发回后端。 (In the image below, the login button was pressed again, so the response cookie is the same as the request cookie.) (在下图中,再次按下登录按钮,因此响应 cookie 与请求 cookie 相同。)
I've ensured that HttpOnly
is not set, and that the frontend and backend are both hosted under the same root domain frontend.root.com
and api.root.com
.我确保未设置
HttpOnly
,并且前端和后端都托管在同一个根域frontend.root.com
和api.root.com
。
Cloudfront has been configured to forward the access-token cookie: Cloudfront 已配置为转发访问令牌 cookie:
origin request policy (note that it still did not work when I had this set to forward all cookies and not just the access token):源请求策略(请注意,当我将此设置为转发所有 cookies 而不仅仅是访问令牌时,它仍然不起作用):
Response headers settings :响应头设置:
So in my angular site, after the /login
api call resolves, I use the ngx-cookie-service
to check and try to retrieve the cookie.因此,在我的 angular 站点中,在
/login
api 调用解析后,我使用ngx-cookie-service
检查并尝试检索 cookie。
this.cookieService.check('access-token'); // checks if it exists, returns false
this.cookieService.get('access-token'); // returns '' meaning the cookie does not exist
Any ideas on how to resolve this issue and access the cookies from within my angular site?有关如何解决此问题并从我的 angular 站点中访问 cookies 的任何想法? I can provide more information on my configurations if needed.
如果需要,我可以提供有关我的配置的更多信息。 Thanks!
谢谢!
As you can barely make out in the screenshot the Cookies have the domain set as something starting with a
suggesting that it is api.root.com
, most importantly it is not frontend.root.com
and not root.com
. As you can barely make out in the screenshot the Cookies have the domain set as something starting with
a
suggesting that it is api.root.com
, most importantly it is not frontend.root.com
and not root.com
.
The server needs to set the domain of the cookie to root.com
for it to be available to all subdomains of it.服务器需要将 cookie 的域设置为
root.com
以便它可用于它的所有子域。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.