
Browser doesn't set cookie even if it is present in response headers

My response has a set-cookie header, but the browser doesn't seem to store it (in Postman it works like a charm). My API is written in .NET Core and I'm using axios (React) on the client. However, client requests are proxied through an Express server for SSR purposes.

I have tried multiple solutions posted here, from the basics of setting withCredentials to true in axios, to setting MinimumSameSitePolicy to None on the server, as can be seen in the code.

Server

services.Configure<CookiePolicyOptions>(options =>
{
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => false;
    options.MinimumSameSitePolicy = SameSiteMode.None;
    options.ConsentCookie.HttpOnly = false;
});
..........
app.UseCookiePolicy(new CookiePolicyOptions
{
    MinimumSameSitePolicy = SameSiteMode.None,
    HttpOnly = HttpOnlyPolicy.None
});

Client

const axiosInstance = axios.create({
  baseURL: '/api',
  withCredentials: true,
  headers: {
    // Access-Control-Allow-Origin is a response header emitted by the server;
    // sending it on the request has no effect on whether cookies are stored.
    'Access-Control-Allow-Origin': 'http://localhost:3000/',
    'Content-Type': 'application/json'
  }
});

Proxy

// Response headers from the upstream API, including Set-Cookie, are passed back
// to the browser unchanged, so the browser treats the cookie as coming from
// the proxy's own origin (http://localhost:3000).
app.use(
  '/api',
  proxy('https://localhost:44364/', {
    proxyReqOptDecorator(opts) {
      // Disables TLS certificate verification for the upstream connection;
      // acceptable only for a local self-signed development certificate.
      opts.rejectUnauthorized = false;
      opts.headers['x-forwarded-host'] = 'localhost:3000';
      return opts;
    },
    proxyReqPathResolver(req) {
      return `/api${req.url}`;
    }
  })
);

Response carrying the cookie:

HTTP/1.1 200 OK
x-powered-by: ASP.NET
cache-control: no-cache
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
server: Kestrel
set-cookie: .AspNetCore.Cookies=CfDJ8KvV0sFM8_FJqzJkoUey_LvYSADPHUA20Mq40db0KYSbL9Q2ZjS2JW87G8CzcTDBIpG1H6mZ_nuThzOniga7oRpguIgi3xIFCjkY5D0DXwT98ZVejY7nzLaCmV9rGLMkkqqADbr0zzwUkzXQqtWMtubY0cdHXPskTWFucMjjYk0BU4eCuWOjRzooL-QtwYtDClP720LVetm8lZGvAS6jfYpk-HWZIQiDo1ERKqhyIWKYqSFBEN0nV4ykL6KhfqEjcK8URzTEnBxdV7dCpk287smjAzTvOziRWfO6BtpxXC2tZ9NBeTLLqitn_CaAypewt9qMnjMi75zazo6yicRlTsDp-i3LT0OkD_ls1celSeG1VPlTg0OMVm0nADpZurMT9LSrijsSrcFT0wvNSTeW9vE; path=/; secure; samesite=lax; httponly
x-sourcefiles: =?UTF-8?B?QzpcVXNlcnNcTWFrYWxhXERlc2t0b3BcUm91dG9yaWFsXFJvdXRvcmlhbEFQSVxSb3V0b3JpYWxBUElcUm91dG9yaWFsQVBJXGFwaVxhY2NvdW50XGxvZ2luU3VibWl0?=
date: Sun, 26 May 2019 15:47:32 GMT
connection: close
Content-Length: 6
ETag: W/"6-+3OfqLi6+pGCkKvbVPPQANDiBD4"

In version 2.0, ASP.NET Core introduced a new behaviour: by default it adds the samesite=lax attribute to all set-cookie headers.

The cookie policy middleware's MinimumSameSitePolicy setting may affect the Cookie.SameSite setting of CookieAuthenticationOptions.

Try explicitly overriding this default behaviour in Startup.ConfigureServices:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        // Override the Lax default applied by the cookie policy middleware.
        options.Cookie.SameSite = SameSiteMode.None;
    });

See: AspNet Core Identity, how to set options.Cookie.SameSite?

Thanks @Xing Zou! Your answer was close and got me thinking in the right direction. CookiePolicyOptions didn't work at all; it seems it doesn't override the default options. Instead I used

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.SameSite = SameSiteMode.None;
        options.Cookie.HttpOnly = true;
        // Drops the Secure attribute, so the cookie is also sent over plain http.
        options.Cookie.SecurePolicy = CookieSecurePolicy.None;
    });

in ConfigureServices and

 app.UseAuthentication();

in Configure.

The browser did not set the cookie when it had the secure flag, so that had to be disabled:

options.Cookie.SecurePolicy = CookieSecurePolicy.None;
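Editor's added example (not code from the question or either answer): a small model of the checks a browser applies before storing a Set-Cookie header, run over the cookie shown in the question, the cookie the accepted answer's options produce, and a hardened alternative. It assumes the page is served by the Express proxy at http://localhost:3000, that the proxy forwards the upstream Set-Cookie unchanged so the browser attributes it to that http origin, and, like the 2019 browser in the question, that plain http://localhost is not a secure context (current Chromium treats it as one). The "modern" flag applies the later Chromium rule that SameSite=None requires Secure. The cookie values are constructed and shortened.

```javascript
'use strict';

// Parse one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: parts[0].slice(0, eq).trim(),
    value: parts[0].slice(eq + 1).trim(),
    secure: false,
    httpOnly: false,
    sameSite: 'Lax', // default a browser assumes when the attribute is missing
    domain: null,
    path: '/',
  };
  for (const attr of parts.slice(1)) {
    const [rawKey, rawVal = ''] = attr.split('=');
    const key = rawKey.trim().toLowerCase();
    const val = rawVal.trim();
    if (key === 'secure') cookie.secure = true;
    else if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'samesite') cookie.sameSite = val.charAt(0).toUpperCase() + val.slice(1).toLowerCase();
    else if (key === 'domain') cookie.domain = val.replace(/^\./, '').toLowerCase();
    else if (key === 'path') cookie.path = val || '/';
  }
  return cookie;
}

// Return the rule that makes the browser drop the cookie, or null if it is stored.
// pageOrigin: origin the browser attributes the response to (here, the proxy).
// requestHost: host the request was sent to. opts.modern: also enforce
// "SameSite=None requires Secure" (Chromium 80 and later). Assumption: plain
// http://localhost is treated as non-secure, as in the question's 2019 browser.
function rejectReason(cookie, pageOrigin, requestHost, opts = { modern: true }) {
  const secureContext = new URL(pageOrigin).protocol === 'https:';
  if (cookie.secure && !secureContext) {
    return 'Secure cookie set from a non-secure (http:) origin';
  }
  if (opts.modern && cookie.sameSite === 'None' && !cookie.secure) {
    return 'SameSite=None requires the Secure attribute';
  }
  // A Domain attribute must cover the host the cookie came from.
  if (cookie.domain && requestHost !== cookie.domain && !requestHost.endsWith('.' + cookie.domain)) {
    return 'Domain=' + cookie.domain + ' does not cover request host ' + requestHost;
  }
  return null;
}

// Constructed Set-Cookie values (the real cookie value is shortened).
// The header from the question: Secure + Lax, received on an http: origin.
const QUESTION_COOKIE = '.AspNetCore.Cookies=CfDJ8Kv...; path=/; secure; samesite=lax; httponly';
// What the accepted answer's options emit on ASP.NET Core 3.1+: SameSite=None, no Secure.
const ANSWER_COOKIE = '.AspNetCore.Cookies=CfDJ8Kv...; path=/; samesite=none; httponly';
// Hardened alternative: keep Secure and Lax, and serve the dev proxy over https.
const HARDENED_COOKIE = QUESTION_COOKIE;

function checkAll() {
  const q = parseSetCookie(QUESTION_COOKIE);
  const a = parseSetCookie(ANSWER_COOKIE);
  const h = parseSetCookie(HARDENED_COOKIE);
  return {
    question: rejectReason(q, 'http://localhost:3000', 'localhost'),
    answer2019: rejectReason(a, 'http://localhost:3000', 'localhost', { modern: false }),
    answerModern: rejectReason(a, 'http://localhost:3000', 'localhost'),
    hardened: rejectReason(h, 'https://localhost:3000', 'localhost'),
  };
}

console.log(checkAll());
```

Under these rules the question's cookie is dropped because of the Secure attribute on an http: origin, which matches what the asker observed. The accepted fix passes only in the 2019 mode: since Chromium 80 a cookie with SameSite=None and no Secure attribute is rejected outright, and dropping Secure also lets the authentication cookie travel over plaintext. (On ASP.NET Core 2.x, SameSiteMode.None omitted the attribute rather than emitting samesite=none; 3.1 added SameSiteMode.Unspecified for that.) Serving the Express proxy over https keeps both attributes, and because the proxy already makes the API request same-origin, SameSite=Lax is sufficient and SameSite=None is not needed at all.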


Notice: the technical posts on this site follow the CC BY-SA 4.0 license; if you repost, cite this site's URL or the original address. Questions: yoyou2525@163.com.

© 2020-2024 STACKOOM.COM