英文:
Cookies not set at the frontend,
问题
I understand that you want a translation of the provided code. Here's the translated code:
const express = require("express");
const app = express();
const cookieParser = require("cookie-parser");
const bodyParser = require("body-parser");
const cloudinary = require("cloudinary");
const fileupload = require("express-fileupload");
const cors = require('cors');
const errorMiddleWares = require("./middleWares/errors");
// app.use(cors({ origin: "http://localhost:3000", credentials: true }));
const corsOptions = {
origin: true,
credentials: true,
};
app.use(cors(corsOptions));
// In your sendToken module for the cookies:
const sendToken = (user, statusCode, res) => {
// The user will be the user schema attached in the auth user controllers, also the status code too, but the response is from here.
// Create JWT token.
const token = user.getJwtToken();
// To store JWT token in the cookie, we prepare options.
const options = {
expires: new Date(
Date.now() + process.env.COOKIE_EXPIRES_TIME * 24 * 60 * 60 * 1000
),
httpOnly: true,
sameSite: "None",
secure: true
};
res.setHeader('Set-Cookie', `token=${token}`);
res.setHeader('Access-Control-Allow-Credentials', 'true');
res.status(statusCode).cookie("token", token, options).json({
success: true,
token,
user
});
};
Please note that the translation is based on the provided code snippet, and the functionality should remain the same.
英文:
My cookies is being passed from the backend to the frontend and its also available at the Set-Cookie in the headers tab on the console, but with that, the cookies is not appearing at the frontend in the application tab, which logs me out on every reload.
This is My code at the backend: in My App.js
const express = require("express");
const app = express();
const cookieParser = require("cookie-parser")
const bodyParser = require("body-parser")
const cloudinary = require("cloudinary")
const fileupload = require("express-fileupload");
const cors = require('cors')
const errorMiddleWares = require("./middleWares/errors")
// app.use(cors({ origin: "http://localhost:3000", credentials: true }));
const corsOptions = {
origin: true,
credentials: true,
};
app.use(cors(corsOptions));
and in my sendToken module for the cookies:
const sendToken = (user, statusCode, res) => {
// the user will be the userschema attached in the authusercontrolllers, also the status code too, but the res is from here
//create jwt token
const token = user.getJwtToken();
//to store jwt token in the cookie, we prepare options
const options = {
expires: new Date(
Date.now() + process.env.COOKIE_EXPIRES_TIME * 24 * 60 * 60 * 1000
),
httpOnly: true,
sameSite:"None",
secure:true
}
res.setHeader('Set-Cookie', `token=${token}`);
res.setHeader('Access-Control-Allow-Credentials', 'true');
res.status(statusCode).cookie("token", token, options).json({
success: true,
token,
user
})
};
答案1
得分: 2
在开发/HTTP中,使用 secure: false。Secure 设置为 true 会阻止在 HTTP 通信中设置 cookies。
我还建议在本地开发中设置一个 dotenv(.env)配置,然后执行类似以下操作:
secure: process.env.INSECURE_COOKIES !== "true"
然后在你的环境文件(通常是 .env)中添加:
INSECURE_COOKIES=true
英文:
In development/http, use secure: false. Secure being true prevents cookies being set in http communications.
I also recommend setting up a dotenv (.env) configuration for local development and then doing something like
secure: process.env.INSECURE_COOKIES !== "true"
and then in your envfile (usually .env) putting
INSECURE_COOKIES=true
答案2
得分: 2
使用httpOnly时,前端 JavaScript 无法访问cookie。此外,它只能使用https协议发送。
使用sameSite:"None"时,必须将secure属性设置为true。
请参阅https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes
这些属性非常适用于生产环境,但在开发过程中,您必须根据以下方式进行更改:
- 对于localhost,需要生成一些不安全的密钥(不要提交它们),并允许在Google Chrome的
chrome://flags/中允许不安全的localhost - 如果
process.env.NODE_ENV !== "production",则将httpOnly:false、sameSite: "Strict"和secure:false更改为production(确保在部署到生产环境时设置为production)
英文:
When using httpOnly, on the frontend javascript cannot access to the cookie. Plus, it can only be send using https protocol.
When using sameSite:"None", the secure attribute must be set to true.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes
Those attributes are great for production usage, but on development you must change you approch either by using:
httpsfor localhost, need to generate some insecure key (do not commit them) and allow insecure localhost on Google Chromechrome://flags/- turn
httpOnly:false,sameSite: "Strict"andsecure:falseifprocess.env.NODE_ENV !== "production"(make sure it is set toproductionwhen deploying to production)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论