Browser does not store cookies from cross-origin requests

KuiSAhn
  • 16

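I wrote a simple server with express. While implementing front-end login, I found that the cookie set in the response headers never gets stored in the browser. I also set Access-Control-Allow-Credentials in the response headers, but the browser still doesn't get the cookie.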

Here is the code:

res.setHeader("Access-Control-Allow-Credentials", true)
// ...
res.cookie("SESSIONID",sessionId,{maxAge:1800000, httpOnly: true})

This is the request as seen in the browser:

Later requests don't carry the cookie in their request headers either.

3 answers
JenK
  • 10.2k

Try setting the cookie path to /.

I looked all afternoon and couldn't find a solution. In the end I just used a reverse proxy, which settles it once and for all.

The MDN documentation's introduction to CORS has the following note about cookies:

Third-party cookies
Note that cookies set in CORS responses are subject to normal third-party cookie policies. In the example above, the page is loaded from foo.example but the cookie on line 20 is sent by bar.other, and would thus not be saved if the user's browser is configured to reject all third-party cookies.

Cookie in the request (line 10) may also be suppressed in normal third-party cookie policies. The enforced cookie policy may therefore nullify the capability described in this chapter, effectively preventing you from making credentialed requests whatsoever.

Cookie policy around the SameSite attribute would apply.

Original: https://developer.mozilla.org...

Keyword: third-party cookie policy

For reference only.
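
An added example, not part of any answer above or of the MDN page: a small checker for the conditions a credentialed cross-site exchange has to meet, run on a constructed failing exchange and a corrected one. The origins, header values and the `parseSetCookie`, `diagnose` and `exchange` helpers are assumptions for illustration; `cors:` entries mean the browser withholds the response from the page, `cookie:` entries mean the cookie is not stored.

```javascript
// Added example: constructed inputs, not the asker's real traffic. Assumes a
// cross-site request and a browser that treats a missing SameSite as Lax.
function parseSetCookie(line) {
  const attrs = {};
  for (const a of line.split(";").slice(1)) {
    const [k, v = ""] = a.trim().split("=");
    attrs[k.toLowerCase()] = v.toLowerCase();
  }
  return attrs; // attribute map only; the name=value pair is skipped
}

function diagnose({ pageOrigin, credentials, headers }) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const problems = [];
  if (credentials !== "include")
    problems.push("cookie: request made without credentials, Set-Cookie is ignored");
  const acao = h["access-control-allow-origin"];
  if (acao === "*")
    problems.push("cors: wildcard Allow-Origin is refused for credentialed requests");
  else if (acao !== pageOrigin)
    problems.push("cors: Allow-Origin must equal the page origin");
  if (h["access-control-allow-credentials"] !== "true")
    problems.push("cors: Allow-Credentials must be exactly 'true'");
  if (h["set-cookie"]) {
    const attrs = parseSetCookie(h["set-cookie"]);
    if (attrs.samesite !== "none")
      problems.push("cookie: cross-site storage needs SameSite=None");
    else if (!("secure" in attrs))
      problems.push("cookie: SameSite=None is only accepted with Secure");
  }
  return problems;
}

const page = "https://foo.example"; // constructed: page calls an API on https://bar.other
const cookie = "SESSIONID=abc123; Max-Age=1800; Path=/; HttpOnly";
const exchange = (credentials, allowOrigin, setCookie) => diagnose({
  pageOrigin: page, credentials,
  headers: { "Access-Control-Allow-Origin": allowOrigin,
             "Access-Control-Allow-Credentials": true, "Set-Cookie": setCookie },
});
const failing = exchange("same-origin", "*", cookie); // fetch() default mode
const fixed = exchange("include", page, cookie + "; Secure; SameSite=None");
console.log({ failing, fixed });
```

An empty result only means the headers are consistent; as the MDN note quoted above says, a browser configured to reject third-party cookies can still refuse the cookie.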
