jQuery $http 请求不会以角度 CORS 跨域发送 cookie
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16882245/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
$http request doesn't send cookies cross-domain in angular CORS
提问by Alexandru R
First of all I want to tell that I've read all the questions from Stack and everything related to CORS, but the implementation still doesn't work. My APP is built on top of angular crud demo:
首先,我想说我已经阅读了 Stack 中的所有问题以及与 CORS 相关的所有内容,但是实现仍然不起作用。我的 APP 建立在angular crud demo之上:
So I have in the app config:
所以我在应用程序配置中有:
$httpProvider.defaults.useXDomain = true;
$httpProvider.defaults.withCredentials = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
and I know they are correctly set (with debugging). In my "Security" app I'm doing a request for the current user, cross-domain:
我知道它们设置正确(带调试)。在我的“安全”应用程序中,我正在为当前用户跨域发出请求:
return $http.get(LAYOUT_CONFIG.baseURL + '/current-user').then(function(response) {
//service.currentUser = response.data.user;
service.currentUser = response.data;
return service.currentUser;
});
I get these headers at the first request:
我在第一个请求时得到这些标头:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:accept, origin, content-type, cookie
Access-Control-Allow-Methods:GET,POST
Access-Control-Allow-Origin:http://admin.vibetrace.com
Access-Control-Max-Age:1728000
Connection:keep-alive
Content-Encoding:gzip
Content-Type:text/html; charset=utf-8
Date:Sun, 02 Jun 2013 11:07:49 GMT
P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Server:nginx/1.1.19
Set-Cookie:vibetrace.ssid=s%3A2lT2_N0-EevCJt7LbRlJ6Az1.d8xp99st%2F0RNV0VN2D4o4AJXNRT%2F%2F46v8PDVWSAbx%2Fw; Path=/; Expires=Mon, 30 Sep 2013 11:07:49 GMT
Transfer-Encoding:chunked
Vary:Accept-Encoding
X-Cache:MISS
X-Powered-By:Express
So Set-Cookie is there. However, the subsequent $http.get request (from angular) doesn't send the cookie which should have been previously set.
所以 Set-Cookie 就在那里。但是,随后的 $http.get 请求(来自 angular)不会发送之前应该设置的 cookie。
Accept:application/json, text/plain, */*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:app.vibetrace.com
Origin:http://admin.vibetrace.com
Pragma:no-cache
Referer:http://admin.vibetrace.com/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36
but here comes the interesting part. If I run the following code in the console:
但有趣的部分来了。如果我在控制台中运行以下代码:
$.ajax("https://app.vibetrace.com/current-user", {
type: "GET",
success: function(data, status, xhr) {
},
xhrFields: {
withCredentials: true
},
crossDomain: true
});
the request header contains the cookies.
请求标头包含 cookie。
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Cookie:fbm_245656478789760=base_domain=.vibetrace.com; __utma=199448574.828439508.1336934706.1361539088.1361819816.356; __utmc=199448574; __utmz=199448574.1361819816.356.354.utmcsr=tenlister.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; connect.sid=s%3AZ1o9bIw0jBOmQwuhKJDG1San.%2BfshIsvupiRuK0pUJqm8EAMnMBCyxf%2Fk17cAVzcy31w; __utma=173003172.1796845739.1355503443.1369827921.1369833348.68; __utmc=173003172; __utmz=173003172.1369410587.66.5.utmcsr=stage.marketizator.com|utmccn=(referral)|utmcmd=referral|utmcct=/app/builder/; vibetrace.ssid=s%3AV6biojefu9r5DTGErKL5vYPi.KAlnWMUm8jZmPV0MpP%2FrgqwmkF6WuXEZZDyzJhozYCs
Host:app.vibetrace.com
Origin:http://admin.vibetrace.com
Pragma:no-cache
Referer:http://admin.vibetrace.com/
What I'm missing?
我缺少什么?
回答by David Riccitelli
Have you seen this? Communication between AngularJS and a Jersey Webservice which are on a different domain. Can't access correct session
你见过这个吗?AngularJS 和位于不同域上的 Jersey Web 服务之间的通信。无法访问正确的会话
Try passing a config object to $http that specifies withCredentials, that should work in all versions.
尝试将配置对象传递给指定 withCredentials 的 $http,它应该适用于所有版本。
$http({withCredentials: true, ...}).get(...)
And the discussion here: https://github.com/angular/angular.js/pull/1209
回答by iwein
Setting withCredentials=trueshould work, and in particular the part where it does workwith $ajax is vexing. It leads me to believe the problem is not in the client, but in a combination of what the server sends back and how you're testing it.
设置withCredentials=true应该有效,特别是它与 $ajax 一起工作的部分令人烦恼。这让我相信问题不在于客户端,而在于服务器发回的内容以及您如何对其进行测试。
Are you sure you're testing on the same path with both jQuery and Angular?
您确定您正在使用 jQuery 和 Angular 在相同的路径上进行测试吗?
The problem might be related to the cookie you get back from the server. If the path isn't set correctly, the browser will not send the cookies with the requests to other paths. This goes for other properties as well, but path is most likely.
问题可能与您从服务器返回的 cookie 有关。如果路径设置不正确,浏览器将不会将带有请求的 cookie 发送到其他路径。这也适用于其他属性,但路径最有可能。
This is would be unrelated to Angular configuration, but it could set you back a few hours nonetheless.
这与 Angular 配置无关,但它可能会让您退回几个小时。
Other than that the only likely explanation is that you're using an old version of Angular, but given the detail of your question and links to other answers that seems unlikely to me.
除此之外,唯一可能的解释是您使用的是旧版本的 Angular,但考虑到您的问题的详细信息以及指向其他答案的链接,我似乎不太可能这样做。
回答by Sanjo
I see two different subdomains.
我看到两个不同的子域。
- admin.vibetrace.com
- app.vibetrace.com
- admin.vibetrace.com
- app.vibetrace.com
Try to set the cookie for your main domain explicitly:
尝试为您的主域明确设置 cookie:
Set-Cookie:vibetrace.ssid=...; Domain=.vibetrace.com; Path=/; Expires=...
Reference: Wikipedia: HTTP Cookie - Domain and Path
