这是代码
极客观点
项目管理
HarmonyOS
res.setHeader("Access-Control-Allow-Credentials", true)
// ...
res.cookie("SESSIONID",sessionId,{maxAge:1800000, httpOnly: true})这是浏览器里看到的请求
后边的请求里也不见吧cookie放到请求头里
MDN文档中关于CORS的介绍中,对于Cookie有如下的说明:
Third-party cookies
Note that cookies set in CORS responses are subject to normal third-party cookie policies. In the example above, the page is loaded from foo.example but the cookie on line 20 is sent by bar.other, and would thus not be saved if the user's browser is configured to reject all third-party cookies.Cookie in the request (line 10) may also be suppressed in normal third-party cookie policies. The enforced cookie policy may therefore nullify the capability described in this chapter, effectively preventing you from making credentialed requests whatsoever.
Cookie policy around the SameSite attribute would apply.
原文地址:https://developer.mozilla.org...
关键词:第三方cookie策略
仅供参考
4 回答4.6k 阅读✓ 已解决
4 回答2.1k 阅读✓ 已解决
4 回答2.2k 阅读✓ 已解决
3 回答5k 阅读
2 回答2.6k 阅读✓ 已解决
2 回答2.1k 阅读✓ 已解决
1 回答3.1k 阅读✓ 已解决
cookie的path可以设置为/试试