Angular HttpClient不发送域名cookie。

huangapple go评论80阅读模式
英文:

Angular HttpClient does not send domain cookie

问题

我有一个在angular.example.com上运行的Angular应用程序。API在app.example.com上运行。我从app.example.com获取一个域cookie,该cookie设置在.example.com上,包含一个JWT令牌(根据RFC,该cookie应该在这些域之间可共享:https://www.rfc-editor.org/rfc/rfc6265#section-4.1.2.3)。

当请求发送到angular.example.com时,我可以在请求头中看到cookie(由浏览器添加)。Angular应用程序被提供并发出请求到app.example.com以获取一些数据。

我会期望浏览器会将这个cookie随着请求一起发送,但实际上并没有发生。有人可以解释为什么会这样吗?

英文:

I have an Angular app that runs on angular.example.com. The API runs on app.example.com. I get a domain cookie from app.example.com that sets the cookie on .example.com containing a JWT token (the cookie should be shareable between these domains according to RFC: https://www.rfc-editor.org/rfc/rfc6265#section-4.1.2.3).

When the request to angular.example.com is sent and I can see the cookie as part of the request headers (added by the browser). The Angular app is served and makes a request to app.example.com to fetch some data.

I would expect that the cookie would be send along with this request by the browser, but it doesn't happen. Can anyone explain why this doesn't happen?

答案1

得分: 15

默认情况下,Angular 中的 XHR 请求不会在每个请求中传递 cookie 信息。这意味着默认情况下,Angular 不会将先前请求中捕获的 Cookie 传递回服务器,从而有效地使用户注销。

并且您的服务器响应必须允许头部 Access-Control-Allow-Credentials

为了使这个工作,HttpClient 必须设置 withCredentials
> 跨域资源共享(CORS) - Allow-Origin-With-Credentials
>
> 除了客户端的 withCredentials 头部之外,如果您进行跨域请求,请确保服务器上也设置了 Allow-Origin-With-Credentials 头部。如果未设置此头部,客户端端的 withCredentials 也不会影响跨域调用,导致不会发送 cookies 和授权头部。

let options = new RequestOptions({ headers: headers, withCredentials: true });
this.http.post(this.url, body, options);
英文:

XHR requests in Angular by default do not pass cookie information with each request. What this means is by default Angular doesn't pass Cookies captured on previous requests back to the server which effectively logs out the user.

And your server response must allow headers Access-Control-Allow-Credentials.

In order for that to work the HttpClient has to set the withCredentials:
> CORS - Allow-Origin-With-Credentials
>
> In addition to the client side withCredentials header, if you are going cross domain also make sure that the Allow-Origin-With-Credentials header is set on the server. If this header is not set the client side withCredentials also has no effect on cross-domain calls causing cookies and auth headers to not be sent.

let options = new RequestOptions({ headers: headers, withCredentials: true });
this.http.post(this.url, body , options);

答案2

得分: 13

HTTP默认情况下不会重新发送cookie。您必须启用它,可以在每个请求中使用配置{withCredentials: true},或者创建一个HttpInterceptor来为所有请求添加它。

this.httpclient.get(myUrl, {withCredentials:true})

或者参考:Stackoverflow: Add credentials to every httpClient call

英文:

HTTP does not resend cookies by default. You have to enable it, either per request with the config {withCredentials: true}, or create an HttpInterceptor to add it for all requests.

this.httpclient.get(myUrl, {withCredentials:true})

or: Stackoverflow: Add credentials to every httpClient call

huangapple
  • 本文由 发表于 2020年1月7日 01:15:34
  • 转载请务必保留本文链接:https://go.coder-hub.com/59616290.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定