set-cookie头部不起作用

huangapple go评论91阅读模式
英文:

set-cookie header not working

问题

我正在使用Go开发一个小网站,尝试从我的服务器设置一个cookie。

我在本地主机上运行服务器,将127.0.0.1别名设置为subdomain-dev.domain.com,端口为5080

当我收到对subdomain-dev.domain.com:5080/loginPOST请求的响应时,我可以看到set-cookie头。响应如下所示:

HTTP/1.1 307 Temporary Redirect
Location: /
Set-Cookie: myappcookie=encryptedvalue==; Path=/; Expires=Fri, 13 Sep 2013 21:12:12 UTC; Max-Age=900; HttpOnly; Secure
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Date: Fri, 13 Sep 2013 20:57:12 GMT

为什么Chrome或Firefox没有记录这个cookie?在Chrome中,它不会显示在资源选项卡中。在Firefox中,我也看不到它。在两者中,我也没有在未来的请求头中看到它。

英文:

I'm developing a small site w/ Go and I'm trying to set a cookie from my server.

I'm running the server on localhost, with 127.0.0.1 aliased to subdomain-dev.domain.com on port 5080.

My When I receive the response for my POST to subdomain-dev.domain.com:5080/login I can see the set-cookie header. The response looks like this:

HTTP/1.1 307 Temporary Redirect
Location: /
Set-Cookie: myappcookie=encryptedvalue==; Path=/; Expires=Fri, 13 Sep 2013 21:12:12 UTC; Max-Age=900; HttpOnly; Secure
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Date: Fri, 13 Sep 2013 20:57:12 GMT

Why isn't Chrome or Firefox recording this? In Chrome it doesn't show up in the Resources tab. In FF I can't see it either. And in neither do I see it in future Request headers.

答案1

得分: 69

看到cookie中的Secure字符串了吗?

是的,我也看到了。但是只是几个小时之后。

如果你设置了Secure标志,请确保通过SSL(URL开头的https://)访问你的网站。

如果你在本地开发并且没有证书,请确保跳过该选项。

英文:

See that Secure string in the cookie?

Yeah, me too. But only after a few hours.

Make sure you're accessing your site by SSL (https:// at the beginning of the URL) if you've got the Secure flag set.

If you're developing locally and don't have a cert, make sure you skip that option.

答案2

得分: 22

在我的情况下,我必须将以下内容添加到我的响应中:

access-control-expose-headers: Set-Cookie

我在这里找到了这里,发现如果我不将Set-Cookie头添加到exposed-header头中,我的客户端无法访问它。
希望这对某人有帮助!

英文:

In my case, I had to add this to my response:

access-control-expose-headers: Set-Cookie

I found here that my Set-Cookie header was not accessible to my client unless I added it to the exposed-header header.
Hope this can help someone!

答案3

得分: 10

找到了相关的GitHub问题响应cookie未发送有所帮助。在我的情况下,我正在使用mkcert工具在https下运行React应用程序,并进行跨域fetch请求并获取响应。直到我执行以下操作,响应的cookie才会被设置:

  1. 在fetch请求中指定credentials: 'include',例如:
fetch('https://example.com', {
  credentials: 'include'
});
  1. 从服务器端指定以下响应头:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://localhost:3000

其中,Access-Control-Allow-Origin头的值是我的React应用程序的URL。

  1. Set-Cookie头中添加以下属性:Path=/; HttpOnly; Secure; SameSite=None,参考使用HTTP cookies

希望对某些人有所帮助!

英文:

Found related github issue response cookies not being sent that helped. <br/>
In my case I am running react app under https (with mkcert tool) and making cross origin fetch request and get response. Cookies of the response is not set until I

  1. specify credentials: &#39;include&#39; for fetch request
    example fetch api
fetch(&#39;https://example.com&#39;, {
  credentials: &#39;include&#39;
});
  1. Specify these response headers from server
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://localhost:3000

Access-Control-Allow-Origin header has value of the url of my react app.

  1. add these attributes of Set-Cookie Header Path=/; HttpOnly; Secure; SameSite=None using http cookies

Hope it helps someone!

答案4

得分: 1

对于遇到这个问题的其他人,我需要做以下几件事才能获取我的 cookie(我在后端使用 fastapi-users,前端使用 js fetch api):

  • 更改我的跨域配置,使得头部不再是 "*",而是完全指定的(我从标准请求字段中获取)
  • 在后端配置中的 cookie 传输中添加 cookie_samesite="none"
  • 在 fetch api 的请求中添加 credentials: 'include'
英文:

For others who have encountered this issue, the set of things I needed to do in order to get my cookie (I happen to be using fastapi-users on the backend and js fetch api on the frontend):

  • change my cors configuration so that the set of headers was not "*" but fully specified (I pulled from the standard request fields)

  • add cookie_samesite=&quot;none&quot; to my cookie transport in my backend configuration

  • add credentials: &#39;include&#39; to my request in the fetch api

答案5

得分: 0

flask, flask_jwt_extended

我的问题是,我有一个函数(@Blueprint.after_app_request - 在响应返回给客户端之前运行)在响应中设置了一个头部来刷新 cookie。

所以我的注销函数添加了一个头部来使 cookie 失效,而刷新函数则刷新了我的 cookie。

所以响应中有以下头部:

  1. 使 cookie 失效。
  2. 刷新 cookie。

也许这对某天的某人有所帮助。

英文:

flask, flask_jwt_extended

My issue was, that I had a function (@Blueprint.after_app_request - that was run right before the response was sent back to client) that set a header on the response to refresh the cookie.

So my logout function added the header to expire the cookie, and the refreshing function refreshed my cookie.

So the response had following headers:

  1. Expire the cookie.
  2. Refresh the cookie.

Maybe this will help somone one day.

huangapple
  • 本文由 发表于 2013年9月14日 05:04:25
  • 转载请务必保留本文链接:https://go.coder-hub.com/18795220.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定