Django 请求标头中未设置Cookie
标签:django、angular、cookies、session-cookies、angular9
我使用Angular 9和Django构建了一个客户端-服务器应用程序,遇到了以下情况:登录后,我在响应头中收到了会话id。即使浏览器已经设置了这个cookie,并且我能在Dev Tools > Application > Cookies中看到它,后续请求也不会带上这个cookie。更确切地说,如果我在登录后发出请求,我的Django服务器会显示没有会话,并且用户未登录。我在互联网上搜索了这个问题,发现我必须在我的Angular项目的请求头中设置
{withCredentials:true}
。我制作了一个拦截器,在每个请求头中设置{withCredentials:true}
,但这对我不起作用。我按如下方式将这个拦截器放在AppModule的providers中:providers: [{provide: HTTP_INTERCEPTORS, useClass: AuthInterceptor, multi: true}]
以下是我的拦截器代码:
/**
 * HTTP interceptor that marks every outgoing request as credentialed.
 *
 * `withCredentials` is a request option, not a header: it asks the browser to
 * attach cookies to cross-origin requests and to accept cookies set by
 * cross-origin responses.
 *
 * NOTE(review): the flag is applied to every request that passes through this
 * interceptor, not only to the Django API; consider limiting it to the API
 * origin so cookies are never offered to other hosts. The interceptor only
 * runs when it is registered under the HTTP_INTERCEPTORS token.
 */
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
  // Injected but not read by intercept(); kept public as in the original.
  constructor(public auth: AuthService) {}

  /**
   * Clones the request with `withCredentials: true` and forwards the clone.
   *
   * @param request the outgoing request (left untouched; a clone is sent)
   * @param next the next handler in the interceptor chain
   * @returns the event stream produced by `next` for the cloned request
   */
  intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
    const credentialed = request.clone({ withCredentials: true });
    return next.handle(credentialed);
  }
}
在AuthService中,我有:
@Injectable({
providedIn: 'root'
})
export class AuthService {
// Login data is sent as a URL-encoded form body, which the Django view reads from request.POST.
private headers = new HttpHeaders({'Content-Type': 'application/x-www-form-urlencoded'});
// Base URL of the auth API.
// NOTE(review): plain http is only acceptable on localhost; the username and password are
// posted to this URL, so a deployed build should point at an https origin.
private serverUrl = 'http://localhost:8000/api/auth/';
/** Stores the injected Angular HttpClient, which login() uses to reach the API. */
constructor(private httpClient: HttpClient) {}
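/**
 * Posts the username and password to `${serverUrl}login/` as a URL-encoded form.
 *
 * This call passes no `withCredentials` option of its own, so whether the
 * browser stores the session cookie from a cross-origin response depends on
 * an interceptor (or another caller) setting it.
 *
 * @param loginInputData object carrying the `username` and `password` to submit
 * @returns the Observable from HttpClient.post; the request is only sent once it is subscribed
 */
login(loginInputData: { username: string; password: string }) {
  // HttpParams percent-encodes the values, so the body is never built by string concatenation.
  const body = new HttpParams()
    .set('username', loginInputData.username)
    .set('password', loginInputData.password);
  return this.httpClient.post<any>(`${this.serverUrl}login/`, body.toString(), {headers: this.headers});
}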
在Django settings.py文件中,我修改了:
# Applications enabled for this project, grouped by where they come from.
INSTALLED_APPS = [
    # Django contrib apps
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',

    # Third party: django-cors-headers (CORS policy)
    'corsheaders',

    # Project apps
    'uploadImg.apps.UploadimgConfig',
    'users.apps.UsersConfig',
    'frontEnd.apps.FrontendConfig',
]
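# Middleware stack; requests pass through it from top to bottom.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    # django-cors-headers asks for CorsMiddleware to sit as high as possible, and in
    # particular above CommonMiddleware, so that responses produced by middleware
    # further down still receive the CORS headers.
    'corsheaders.middleware.CorsMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Reports broken links by e-mail; it is not part of the CORS policy.
    'django.middleware.common.BrokenLinkEmailsMiddleware',
]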
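# CORS policy (django-cors-headers).
# Allowing every origin together with CORS_ALLOW_CREDENTIALS lets any website send
# cookie-bearing requests to this API and read the responses, so the allow-all
# switch is off and only the Angular dev server origin is accepted.
CORS_ORIGIN_ALLOW_ALL = False
# Required for the browser to store and send the session cookie on cross-origin requests.
CORS_ALLOW_CREDENTIALS = True
# Entries are regular expressions; anchor both ends so only this exact origin matches.
CORS_ORIGIN_REGEX_WHITELIST = [
    r'^http://localhost:4200$',
]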
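# NOTE(review): csrf_exempt switches off Django's CSRF check on the endpoint that
# creates the session. With credentialed cross-origin requests enabled, prefer
# removing it and having the client send the CSRF token; confirm the Angular
# client does so before changing it.
@csrf_exempt
def log_in(request):
    """Authenticate the posted credentials and start a session.

    Reads ``username`` and ``password`` from the form-encoded POST body.

    Returns:
        HttpResponse with status 200 after a successful ``login``;
        HttpResponseBadRequest("Invalid credentials") when authentication fails;
        HttpResponseForbidden("Not allowed") for any method other than POST.
    """
    if request.method != 'POST':
        return HttpResponseForbidden("Not allowed")

    username = request.POST.get('username')
    password = request.POST.get('password')
    user = authenticate(request, username=username, password=password)
    if user is None:
        return HttpResponseBadRequest("Invalid credentials")

    # login() binds the authenticated user to the request's session.
    login(request, user)
    return HttpResponse(status=200)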
# Applications enabled for this project, grouped by where they come from.
INSTALLED_APPS = [
    # Django contrib apps
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',

    # Third party: django-cors-headers (CORS policy)
    'corsheaders',

    # Project apps
    'uploadImg.apps.UploadimgConfig',
    'users.apps.UsersConfig',
    'frontEnd.apps.FrontendConfig',
]
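# Middleware stack; requests pass through it from top to bottom.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    # django-cors-headers asks for CorsMiddleware to sit as high as possible, and in
    # particular above CommonMiddleware, so that responses produced by middleware
    # further down still receive the CORS headers.
    'corsheaders.middleware.CorsMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Reports broken links by e-mail; it is not part of the CORS policy.
    'django.middleware.common.BrokenLinkEmailsMiddleware',
]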
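# CORS policy (django-cors-headers).
# Allowing every origin together with CORS_ALLOW_CREDENTIALS lets any website send
# cookie-bearing requests to this API and read the responses, so the allow-all
# switch is off and only the Angular dev server origin is accepted.
CORS_ORIGIN_ALLOW_ALL = False
# Required for the browser to store and send the session cookie on cross-origin requests.
CORS_ALLOW_CREDENTIALS = True
# Entries are regular expressions; anchor both ends so only this exact origin matches.
CORS_ORIGIN_REGEX_WHITELIST = [
    r'^http://localhost:4200$',
]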