英文:
set-cookie header not working
问题
我正在使用Go开发一个小网站,尝试从我的服务器设置一个cookie。
我在本地主机上运行服务器,将127.0.0.1别名设置为subdomain-dev.domain.com
,端口为5080
。
当我收到对subdomain-dev.domain.com:5080/login
的POST
请求的响应时,我可以看到set-cookie
头。响应如下所示:
HTTP/1.1 307 Temporary Redirect
Location: /
Set-Cookie: myappcookie=encryptedvalue==; Path=/; Expires=Fri, 13 Sep 2013 21:12:12 UTC; Max-Age=900; HttpOnly; Secure
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Date: Fri, 13 Sep 2013 20:57:12 GMT
为什么Chrome或Firefox没有记录这个cookie?在Chrome中,它不会显示在资源选项卡中。在Firefox中,我也看不到它。在两者中,我也没有在未来的请求头中看到它。
英文:
I'm developing a small site w/ Go and I'm trying to set a cookie from my server.
I'm running the server on localhost, with 127.0.0.1 aliased to subdomain-dev.domain.com
on port 5080
.
My When I receive the response for my POST
to subdomain-dev.domain.com:5080/login
I can see the set-cookie
header. The response looks like this:
HTTP/1.1 307 Temporary Redirect
Location: /
Set-Cookie: myappcookie=encryptedvalue==; Path=/; Expires=Fri, 13 Sep 2013 21:12:12 UTC; Max-Age=900; HttpOnly; Secure
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Date: Fri, 13 Sep 2013 20:57:12 GMT
Why isn't Chrome or Firefox recording this? In Chrome it doesn't show up in the Resources tab. In FF I can't see it either. And in neither do I see it in future Request headers.
答案1
得分: 69
看到cookie中的Secure
字符串了吗?
是的,我也看到了。但是只是几个小时之后。
如果你设置了Secure标志,请确保通过SSL(URL开头的https://)访问你的网站。
如果你在本地开发并且没有证书,请确保跳过该选项。
英文:
See that Secure
string in the cookie?
Yeah, me too. But only after a few hours.
Make sure you're accessing your site by SSL (https:// at the beginning of the URL) if you've got the Secure flag set.
If you're developing locally and don't have a cert, make sure you skip that option.
答案2
得分: 22
在我的情况下,我必须将以下内容添加到我的响应中:
access-control-expose-headers: Set-Cookie
我在这里找到了这里,发现如果我不将Set-Cookie头添加到exposed-header头中,我的客户端无法访问它。
希望这对某人有帮助!
英文:
In my case, I had to add this to my response:
access-control-expose-headers: Set-Cookie
I found here that my Set-Cookie header was not accessible to my client unless I added it to the exposed-header header.
Hope this can help someone!
答案3
得分: 10
找到了相关的GitHub问题响应cookie未发送有所帮助。在我的情况下,我正在使用mkcert工具在https下运行React应用程序,并进行跨域fetch请求并获取响应。直到我执行以下操作,响应的cookie才会被设置:
- 在fetch请求中指定
credentials: 'include'
,例如:
fetch('https://example.com', {
credentials: 'include'
});
- 从服务器端指定以下响应头:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://localhost:3000
其中,Access-Control-Allow-Origin
头的值是我的React应用程序的URL。
- 在Set-Cookie头中添加以下属性:
Path=/; HttpOnly; Secure; SameSite=None
,参考使用HTTP cookies
希望对某些人有所帮助!
英文:
Found related github issue response cookies not being sent that helped. <br/>
In my case I am running react app under https (with mkcert tool) and making cross origin fetch request and get response. Cookies of the response is not set until I
- specify
credentials: 'include'
for fetch request
example fetch api
fetch('https://example.com', {
credentials: 'include'
});
- Specify these response headers from server
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://localhost:3000
Access-Control-Allow-Origin
header has value of the url of my react app.
- add these attributes of Set-Cookie Header
Path=/; HttpOnly; Secure; SameSite=None
using http cookies
Hope it helps someone!
答案4
得分: 1
对于遇到这个问题的其他人,我需要做以下几件事才能获取我的 cookie(我在后端使用 fastapi-users,前端使用 js fetch api):
- 更改我的跨域配置,使得头部不再是 "*",而是完全指定的(我从标准请求字段中获取)
- 在后端配置中的 cookie 传输中添加
cookie_samesite="none"
- 在 fetch api 的请求中添加
credentials: 'include'
英文:
For others who have encountered this issue, the set of things I needed to do in order to get my cookie (I happen to be using fastapi-users on the backend and js fetch api on the frontend):
-
change my cors configuration so that the set of headers was not "*" but fully specified (I pulled from the standard request fields)
-
add
cookie_samesite="none"
to my cookie transport in my backend configuration -
add
credentials: 'include'
to my request in the fetch api
答案5
得分: 0
flask, flask_jwt_extended
我的问题是,我有一个函数(@Blueprint.after_app_request
- 在响应返回给客户端之前运行)在响应中设置了一个头部来刷新 cookie。
所以我的注销函数添加了一个头部来使 cookie 失效,而刷新函数则刷新了我的 cookie。
所以响应中有以下头部:
- 使 cookie 失效。
- 刷新 cookie。
也许这对某天的某人有所帮助。
英文:
flask, flask_jwt_extended
My issue was, that I had a function (@Blueprint.after_app_request
- that was run right before the response was sent back to client) that set a header on the response to refresh the cookie.
So my logout function added the header to expire the cookie, and the refreshing function refreshed my cookie.
So the response had following headers:
- Expire the cookie.
- Refresh the cookie.
Maybe this will help somone one day.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论