前端位于localhost:4200,后端位于localhost:8080
我在后端和前端实现了CORS配置,所有其他API请求都可以工作.但是,Set-Cookie标志不会在我的浏览器中创建cookie.
当我使用Postman发出POST请求时,我正确地在Cookie选项卡中看到Cookie.我没有在网络浏览器中看到cookie.
选项请求
Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip,deflate Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type,credentials
选项回应
X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache,no-store,max-age=0,must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Access-Control-Allow-Origin: http://localhost:4200 access-control-allow-credentials: true access-control-allow-methods: POST,GET,OPTIONS,DELETE access-control-max-age: 3600 access-control-allow-headers: Access-Control-Allow-Headers,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,credentials Allow: GET,HEAD,POST,PUT,DELETE,TRACE,PATCH Content-Length: 0 Date: Fri,30 Jun 2017 14:55:58 GMT
POST请求
Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 Accept: application/json,text/plain,*/* Accept-Language: en-US,deflate Referer: http://localhost:4200/login Content-Type: application/json credentials: true Content-Length: 48 Origin: http://localhost:4200 Connection: keep-alive
POST响应
X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache,credentials Set-Cookie: ddd=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOjJmYXhhcyIsImV4cCI6MTQ5ODkyMDk1OH0.sKJLH1GvgbJP28ws2EOZpc8EH0SElB4VQX86m59G8BjT-QAaRW6sInnrF6Y_yNJcIEcrrw_itb-O26KkKza8aA Content-Length: 0 Date: Fri,30 Jun 2017 14:55:58 GMT
解决方法
为了能够在这种情况下设置cookie,您必须允许所有OPTIONS请求从过滤器传递,因为它们根据
this question不包含cookie,更重要的是,当从服务器withCredentials请求cookie时,必须将两者都设置为true服务器和客户端.永远不要忘记在服务器上启用CORS请求(你必须定义原点,例如localhost:4200,使用通配符*将不起作用)希望这可以帮助任何人寻找这个问题的答案.
