Google chrome localhost web app访问远程API时未设置Cookie
我在Google chrome localhost web app访问远程API时未设置Cookie,google-chrome,cookies,Google Chrome,Cookies,我在http://localhost:3000 此web应用程序访问远程API,即https://app.example.com/api 在API上执行登录时,服务器返回如下会话Cookie: Set-Cookie: JSESSIONID=ZmQ2Yzg4OWYtYzdiNi00Mzc1LTkzMzUtYzhiZjZmM2MzZjMy; Domain=app.example.com; Path=/api/; Secure; HttpOnly; SameSite=Lax 但是,在Chrome上,
http://localhost:3000https://app.example.com/apiSet-Cookie: JSESSIONID=ZmQ2Yzg4OWYtYzdiNi00Mzc1LTkzMzUtYzhiZjZmM2MzZjMy; Domain=app.example.com; Path=/api/; Secure; HttpOnly; SameSite=Lax
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: PATCH,GET,POST,PUT,DELETE
Access-Control-Allow-Origin: http://localhost:3000
Access-Control-Expose-Headers: ETag, X-XSRF-TOKEN
app.me127.0.0.1编辑: 这是Axios代码:
const axios=require('axios');
constbackendurl=https://app.example.com/api';
const constructUrl=url=>`${backendUrl}${url}`;
常数axioconfig={
事实上,
};
导出默认值{
get:url=>axios.get(constructUrl(url),axioconfig),
post:(url,data)=>axios.post(constructUrl(url),data,axioconfig),
put:(url,data)=>axios.put(constructUrl(url),data,axioconfig),
delete:(url,data)=>axios.delete(constructUrl(url),data,axioconfig),
};
//在另一个文件中。。。
HttpService.post('/login',creds)
。然后((响应)=>{
const userInfo=response.data;
const token=response.headers['x-xsrf-token'];
setItem('user-info',JSON.stringify(userInfo));
setItem('user-xsrf-token',JSON.stringify(token));
window.location.replace('/');
})
.catch((错误)=>{
如果(err.response.status==401){
setLoginError('Bad cred');
}否则{
setLoginError('Fail to auth');
}
});
http://localhost:3000app.example.com设置CookieCookieSameSite=Lax删除此cookie属性后,将设置cookie并将其包含在下一个请求中。您使用什么将请求发送到API?Fetch?@NicoleWhite我正在使用AXIOS()您是否使用凭据设置了
:true