Cookies CORS设置Cookie不起作用
我的客户服务于Cookies CORS设置Cookie不起作用,cookies,cross-domain,Cookies,Cross Domain,我的客户服务于dev.cqyx.com:9798,服务器服务于api.cqyx.com:9797 以下是我的要求和答复: 响应标题: Access-Control-Allow-Credentials:true Access-Control-Allow-Origin:http://dev.cqyx.com:9798 Auth-Expiry:1478425298 Content-Length:15 Content-Type:application/json; charset=utf-8 Date:S
dev.cqyx.com:9798api.cqyx.com:9797Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://dev.cqyx.com:9798
Auth-Expiry:1478425298
Content-Length:15
Content-Type:application/json; charset=utf-8
Date:Sun, 06 Nov 2016 09:26:38 GMT
Refresh-Expiry:1481016398
Set-Cookie:AuthToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0Nzg0MjUyOTgsIkNzcmYiOiJvZDFVTXdsSm1YYWhMd2Q4VXVYc2x1MXUtMHNuTjVfYS0zdWdEMHRqSnYwPSIsIkN1c3RvbUNsYWltcyI6eyJSb2xlIjoidXNlciJ9fQ.LvYLoHZ6R_IuZ1aq0pedHpGRqJNI0xpKQmlgm9KDjqE; HttpOnly; Secure
Set-Cookie:RefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODEwMTYzOTgsIkNzcmYiOiJvZDFVTXdsSm1YYWhMd2Q4VXVYc2x1MXUtMHNuTjVfYS0zdWdEMHRqSnYwPSIsIkN1c3RvbUNsYWltcyI6eyJSb2xlIjoidXNlciJ9fQ.l2Qdc8JsM9S23ogY705aLE5QhaICeILt8HRQttkQdzI; Expires=Tue, 06 Dec 2016 09:26:38 GMT; HttpOnly; Secure
X-Csrf-Token:od1UMwlJmXahLwd8UuXslu1u-0snN5_a-3ugD0tjJv0=
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4,zh-TW;q=0.2
Connection:keep-alive
Content-Length:6
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:api.cqyx.com:9797
Origin:http://dev.cqyx.com:9798
Referer:http://dev.cqyx.com:9798/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
我看到响应返回
Set Cookie为了实现这一目标,支持安全标志的浏览器只在请求转到HTTPS页面时发送带有安全标志的Cookie。换句话说,浏览器不会在未加密的HTTP请求上发送设置了安全标志的cookie。为了实现这个目标,支持安全标志的浏览器只会在请求转到HTTPS页面时发送带有安全标志的cookie。换句话说,浏览器不会在未加密的HTTP请求上发送设置了安全标志的cookie。