I am using React (on Netlify) and Express (on Google Cloud Run) together. With React and CORS I need to set the cookie=secure and samesite=none in order for Chrome to add the cookie on the front end. This is fine, but I am unable to remove the cookie using document.cookie = 'test="";-1; path=/;'. It does not even show up when I use document.cookie to list out all current cookies.
Note this is secure and not httponly=true, which I thought were the only ones you could not modify from the front end, like another cookie I am sending from Express.
In short, I want to be able to set two cookies from Express on Google, one httponly=true and the second to be modified from the front end (front end can destroy the second cookie), but I cannot set secure to false as Google will not allow that cookie to be added due to CORS.
How would I be able to achieve this, adding a non-secure cookie to Chrome with CORS and be able to modify it from the front end?
Code I am using to set the cookie:
res.cookie("test", testValue, {
  maxAge: "2000",
  secure: true, // If I do not set these two lines chrome does not accept it.
  sameSite: "none", // If I do not set these two lines chrome does not accept it.
});
I will also add that if I attempt to use the expire method as suggested by Heiko Theißen, in the below code nothing happens. If I attempt to set it to a different value with the new value method, a copy of the cookie is added with the same name instead, as shown in the screenshot. Both methods work when using localhost in dev. It is only in production with the cookie=secure and samesite=none flags set that both these methods no longer work.
//Expire method
document.cookie="test=;Expires=" + new Date("1970-01-01").toGMTString();
//New value method
document.cookie = 'test="";-1; path=/'
[Screenshot: Duplicated cookie when using new method]
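One likely explanation for the behaviour described in the question, shown as an added example that is not part of the original post: the browser files a cookie under the host that set it, so a cookie set by the Express host is outside the jar that `document.cookie` reads and writes on the frontend host. The hostnames, the `BrowserJar` class and the `scenario` function are constructed for illustration, and the model assumes the two services run on different hosts.

```javascript
// Simplified model of cookie scoping (RFC 6265 host-only cookies); default path is
// reduced to "/". Hostnames are constructed placeholders, not values from the post.
const FRONTEND = "app.frontend.example"; // stands in for the Netlify site
const API = "api.backend.example";       // stands in for the Cloud Run service

class BrowserJar {
  constructor() { this.cookies = new Map(); } // key: host|path|name
  // Apply one Set-Cookie header or document.cookie assignment on behalf of `host`.
  set(host, cookieString) {
    const [pair, ...attrs] = cookieString.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    const name = pair.slice(0, eq), value = pair.slice(eq + 1);
    const a = {};
    for (const attr of attrs) {
      const [k, v = ""] = attr.split("=");
      a[k.trim().toLowerCase()] = v.trim();
    }
    const key = `${host}|${a.path || "/"}|${name}`;
    const expired = ("expires" in a && new Date(a.expires) <= new Date()) ||
                    ("max-age" in a && Number(a["max-age"]) <= 0);
    if (expired) { this.cookies.delete(key); return; } // only removes an exact match
    this.cookies.set(key, { host, name, value, httpOnly: "httponly" in a });
  }
  // What document.cookie returns on a page served from `host`.
  documentCookie(host) {
    return [...this.cookies.values()]
      .filter((c) => c.host === host && !c.httpOnly)
      .map((c) => `${c.name}=${c.value}`).join("; ");
  }
  // Hosts that currently hold a cookie with this name.
  hostsFor(name) {
    return [...this.cookies.values()].filter((c) => c.name === name).map((c) => c.host);
  }
}

function scenario() {
  const jar = new BrowserJar();
  const epoch = new Date(0).toUTCString();
  jar.set(API, "test=abc; Path=/; Secure; SameSite=None"); // cross-site response from the API
  const visibleOnFrontend = jar.documentCookie(FRONTEND);  // API cookie is not in this jar
  jar.set(FRONTEND, "test=;Expires=" + epoch);             // the post's expire method
  const afterExpire = jar.hostsFor("test");
  jar.set(FRONTEND, 'test="";-1; path=/');                 // the post's new value method
  const afterNewValue = jar.hostsFor("test");
  jar.set(API, "test=; Path=/; Secure; SameSite=None; Expires=" + epoch); // API clears its own cookie
  const afterServerClear = jar.hostsFor("test");
  return { visibleOnFrontend, afterExpire, afterNewValue, afterServerClear };
}
```

On localhost both servers share the host `localhost` (cookies are not separated by port), which is consistent with both methods working in dev. In Express the last step corresponds to calling `res.clearCookie("test", { secure: true, sameSite: "none" })` from a route on the API host.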