[英]Express doesn't set-cookie when SameSite is none
I have read a lot of other similar questions, but I couldn't solve the issue.我已经阅读了很多其他类似的问题,但我无法解决问题。
My setup is Node + Express + PassportJs and everything works in development, but I have problems on production.我的设置是 Node + Express + PassportJs,一切都在开发中,但我在生产中遇到了问题。
With the following code, I see that the session cookie is sent back in the response, but I also get a message saying that it won't be applied as SameSite
is lax (the default) and the response comes from another site (frontend and backend do not have the same origin).使用以下代码,我看到会话 cookie 在响应中发回,但我也收到一条消息,说它不会被应用,因为SameSite
是松散的(默认)并且响应来自另一个站点(前端和后端没有相同的来源)。
app.use(
session({
secret: "foo",
resave: false,
saveUninitialized: false,
store: MongoStore.create({ mongoUrl: process.env.MONGO_DB_CONN_STRING! }),
cookie: { httpOnly: true }
})
);
So I changed it to this, so to specify SameSite
and Secure
in production, but at this point, no cookie is set anymore!所以我把它改成这样,以便在生产中指定SameSite
和Secure
,但此时,不再设置 cookie!
app.use(
session({
secret: "foo",
resave: false,
saveUninitialized: false,
store: MongoStore.create({ mongoUrl: process.env.MONGO_DB_CONN_STRING! }),
cookie: isProduction ? { httpOnly: true, sameSite: "none", secure: true } : {} // <-- only change
})
);
What could be the cause?可能是什么原因? I've tried to fix it by playing with CORS (no success) and other 100 things.我试图通过玩 CORS(没有成功)和其他 100 件事来修复它。 Yet it seems some quirk I am missing.然而,我似乎缺少一些怪癖。
depending on what service you use to deploy your API(netlify, render.com, heroku other...) you have to enable proxy根据您使用什么服务来部署您的 API(netlify、render.com、heroku 其他...),您必须启用代理
this.app.enable('trust proxy');
it fixed my issue它解决了我的问题
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.