Cross-origin app authentication to HTTP API server

Posted 2025-02-12 07:12:01 · 2182 characters · 1 view · 0 comments

I am attempting to set CORS headers on my API server (myserver.com) to allow cross-origin, authenticated requests with cookies from my embedded mobile app or other site (localhost:8080).

Here is the initial request, which appears to be working properly and sets the right cookie.

Summary
URL: https://myserver.com/api/tokens
Status: 200
Source: Network
Address: 1.1.1.1:443

Request
:method: POST
:scheme: https
:authority: myserver.com
:path: /api/tokens
Accept: application/json, text/plain, */*
Content-Type: application/json
Origin: http://localhost:8080
Content-Length: 51
Accept-Language: en-US,en;q=0.9
Host: myserver.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Response
:status: 200
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Credentials: true
Set-Cookie: token=removedforsecuritypurposes; path=/; expires=Tue, 02 Aug 2022 03:57:50 GMT; samesite=none; secure; httponly
Vary: Origin
Date: Sun, 03 Jul 2022 03:57:50 GMT
Content-Length: 616
Access-Control-Allow-Origin: http://localhost:8080
Server: nginx/1.14.1

I'm using axios on the frontend, using the withCredentials: true option to send subsequent requests, but the browser doesn't include the cookie. What am I missing?

Summary
URL: https://myserver.com/api/user
Status: 401
Source: Network
Address: 1.1.1.1:443

Request
:method: GET
:scheme: https
:authority: myserver.com
:path: /api/user
Accept: application/json, text/plain, */*
Origin: http://localhost:8080
Accept-Encoding: gzip, deflate, br
Host: myserver.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15
Accept-Language: en-US,en;q=0.9
Referer: http://localhost:8080/
Connection: keep-alive

Response
:status: 401
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Credentials: true
Vary: Origin
Date: Sun, 03 Jul 2022 03:57:50 GMT
Content-Length: 134
Access-Control-Allow-Origin: http://localhost:8080
Server: nginx/1.14.1

I've referenced this post Set cookies for cross origin requests and still can't seem to get it working.


Comments (1)

孤独陪着我 2025-02-19 07:12:01

You have two options:

  1. Allow localhost as origin in your CORS settings on your server.
  2. Use a Capacitor plugin (e.g. @capacitor-community/http) to send HTTP requests natively (CORS is ignored here).
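
Option 1 from the answer above, as an added example that is not part of the original post or answer: a dependency-free function that builds CORS headers for credentialed requests from a strict origin allowlist rather than reflecting whatever `Origin` arrives. Only `http://localhost:8080` comes from the page; the two Capacitor WebView origins, the method and header lists, and the function name `corsDecision` are assumptions.

```javascript
// Added example (not from the original post). Exact-match allowlist of origins
// that may make credentialed cross-origin requests to the API.
const ALLOWED_ORIGINS = new Set([
  'http://localhost:8080',  // dev origin seen in the captured requests
  'capacitor://localhost',  // assumption: Capacitor iOS WebView origin
  'http://localhost',       // assumption: Capacitor Android WebView origin
]);
const ALLOWED_METHODS = 'GET, POST, OPTIONS'; // assumption
const ALLOWED_HEADERS = 'Content-Type';       // assumption

// method: HTTP method; reqHeaders: request headers with lowercase keys
// (the shape Node's http module provides in req.headers).
// Returns { allowed, preflight, headers }; the caller sets the headers and
// answers a preflight with 204 when allowed, or 403 when not.
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  // Always vary on Origin so a cache never serves one origin's CORS headers
  // to a different origin.
  const headers = { 'Vary': 'Origin' };
  const preflight = method === 'OPTIONS' &&
    reqHeaders['access-control-request-method'] !== undefined;
  // Exact string comparison only: no prefix, suffix or regex matching, and the
  // literal "null" origin is never in the set.
  const allowed = origin !== undefined && ALLOWED_ORIGINS.has(origin);
  if (allowed) {
    // With credentials, browsers reject "*"; echo the vetted origin instead.
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Credentials'] = 'true';
    if (preflight) {
      headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS;
      headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS;
      headers['Access-Control-Max-Age'] = '600';
    }
  }
  return { allowed, preflight, headers };
}

// Constructed inputs modelled on the captured GET /api/user request, plus a
// look-alike origin that a prefix match would wrongly accept.
console.log(corsDecision('GET', { origin: 'http://localhost:8080' }));
console.log(corsDecision('GET', { origin: 'http://localhost:8080.attacker.example' }));
```

Because the cookie in the capture is `samesite=none; secure`, it is attached to any cross-site request the browser permits, so the allowlist is what limits which origins can read authenticated responses.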