英文:
Cookies are not getting set when running with --host option in official SvelteKit example
问题
以下是翻译好的部分:
"我正在尝试官方的 SvelteKit 示例 https://realworld.svelte.dev/。"
"其代码托管在 https://github.com/sveltejs/realworld 上。"
"当我运行 npm run dev
时,登录和一切都正常工作。"
"但是当我运行 npm run dev -- --host
时,登录不起作用。"
"这段代码不起作用,因此无法设置 cookie,所以登录无法正常工作。"
"如何在使用 --host
选项时使登录正常工作?"
英文:
I am trying offical SvelteKit example https://realworld.svelte.dev/.
Its code is hosted at https://github.com/sveltejs/realworld
login and everything works fine when I run npm run dev
but when I run npm run dev -- --host
then login does not work.
cookies.set('jwt', value, { path: '/' });
This is not working so cookies are not getting set so login is not working.
How can I make login working when using --host
option?
答案1
得分: 6
我假设在使用未安全连接(http
)时,当访问暴露的网络IP URL(localhost
仍然可用)时,您无法登录。
这是因为SvelteKit中默认的cookie配置是将secure
选项设置为true
,这意味着在未安全的请求上不会设置cookie。根据SvelteKit文档:
> httpOnly和secure选项默认为true(除了在http://localhost上,其中secure为false),如果要使cookie可供客户端JavaScript读取和/或通过HTTP传输,必须明确禁用这些选项。sameSite选项默认为lax。
正如您所看到的,这解释了为什么默认配置在localhost
上运行正常(其中secure
为false
),但在暴露的网络IP地址上不起作用(其中secure
将为true
)。
如果您在src/routes/login/+page.server.js
中更新cookie配置以明确设置secure
选项:
cookies.set('jwt', value, { secure: false, path: '/' });
然后重新启动服务器,您应该能够如预期地从暴露的网络IP URL登录(我成功登录了)。
注意: 在生产部署中,您将希望将secure
标志设置为true
并使用安全协议(https
)进行请求。
英文:
I'm assuming you're blocked from logging in when addressing the exposed network IP URL (localhost
should still work) on an unsecured (http
) connexion.
The reason for this is because the default cookie configuration in SvelteKit is to set the secure
option to true
, meaning cookies won't get set upon unsecured requests. From the SvelteKit docs:
> The httpOnly and secure options are true by default (except on http://localhost, where secure is false), and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP. The sameSite option defaults to lax.
As you can see, this explains why the default configuration works on localhost
(where secure
is false
) but not on the exposed network IP address (where secure
will be true
).
If you update the cookie configuration in src/routes/login/+page.server.js
to explicitly set the secure
option:
cookies.set('jwt', value, { secure: false, path: '/' });
and restart your server, you should then be able to login as expected from the exposed network IP URL (I was able to).
Note: in a production deployment, you will want the secure
flag set to true
and use a secure protocol (https
) for your requests.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论