Python: How to decode credentials sent using withCredentials: true from Angular; the cookies sent and received are not the same
I have a Python backend where I create an httponly cookie and send it to the frontend. The cookie is created in the backend like this:
...
token_session = request.create_jwt_token(1, data=<userdata>, permissions=...)
...
response.set_cookie(name='token', value=token_session, secure=False, httponly=True)
But now, when I call the backend with a GET request with withCredentials set to true, like this:
this.http.get(back_end_url, {responseType: 'json', withCredentials: true})...
In the backend, I see a cookie with a different name (name=session)
and a different value, equal to:
request.cookies:
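I think the problem is that the browser is converting your data into a byte format. You need to use the BehaviorSubject concept in rxjs and create a model for the credentials.

In this case the credentials cannot be accessed from JavaScript (httponly cookie) and cannot be accessed from HttpClient; the browser itself will attach the cookie (unfortunately, encoded differently from how it was received from the backend). The related part is that I can see the valid value of the token (in the Application tab, then Cookies, in Chrome dev tools).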
5.4. The Cookie Header

   The user agent includes stored cookies in the Cookie HTTP request
   header.

   When the user agent generates an HTTP request, the user agent MUST
   NOT attach more than one Cookie header field.

   A user agent MAY omit the Cookie header in its entirety.  For
   example, the user agent might wish to block sending cookies during
   "third-party" requests from setting cookies (see Section 7.1).

   If the user agent does attach a Cookie header field to an HTTP
   request, the user agent MUST send the cookie-string (defined below)
   as the value of the header field.

   The user agent MUST use an algorithm equivalent to the following
   algorithm to compute the "cookie-string" from a cookie store and a
   request-uri:

   1.  Let cookie-list be the set of cookies from the cookie store that
       meets all of the following requirements:

       *  Either:

             The cookie's host-only-flag is true and the canonicalized
             request-host is identical to the cookie's domain.

          Or:

             The cookie's host-only-flag is false and the canonicalized
             request-host domain-matches the cookie's domain.

       *  The request-uri's path path-matches the cookie's path.

       *  If the cookie's secure-only-flag is true, then the
          request-uri's scheme must denote a "secure" protocol (as
          defined by the user agent).

             NOTE: The notion of a "secure" protocol is not defined by
             this document.  Typically, user agents consider a protocol
             secure if the protocol makes use of transport-layer
             security, such as SSL or TLS.  For example, most user
             agents consider "https" to be a scheme that denotes a
             secure protocol.

       *  If the cookie's http-only-flag is true, then exclude the
          cookie if the cookie-string is being generated for a
          "non-HTTP" API (as defined by the user agent).

   2.  The user agent SHOULD sort the cookie-list in the following
       order:

       *  Cookies with longer paths are listed before cookies with
          shorter paths.

       *  Among cookies that have equal-length path fields, cookies with
          earlier creation-times are listed before cookies with later
          creation-times.

       NOTE: Not all user agents sort the cookie-list in this order, but
       this order reflects common practice when this document was
       written, and, historically, there have been servers that
       (erroneously) depended on this order.

   3.  Update the last-access-time of each cookie in the cookie-list to
       the current date and time.

   4.  Serialize the cookie-list into a cookie-string by processing each
       cookie in the cookie-list in order:

       1.  Output the cookie's name, the %x3D ("=") character, and the
           cookie's value.

       2.  If there is an unprocessed cookie in the cookie-list, output
           the characters %x3B and %x20 ("; ").

   NOTE: Despite its name, the cookie-string is actually a sequence of
   octets, not a sequence of characters.  To convert the cookie-string
   (or components thereof) into a sequence of characters (e.g., for
   presentation to the user), the user agent might wish to try using the
   UTF-8 character encoding [RFC3629] to decode the octet sequence.
   This decoding might fail, however, because not every sequence of
   octets is valid UTF-8.
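
The cookie-string algorithm quoted above, as an added Python sketch that is not part of the original question, its answers, or the RFC. The `Cookie` class, the helper names and the sample store are assumptions made for illustration; host canonicalization and IP-address hosts are left out. It shows that every matching cookie is sent in one `Cookie` header with its value copied unchanged, so the server has to pick `token` out by name.

```python
from dataclasses import dataclass

@dataclass
class Cookie:                      # one entry in a (constructed) cookie store
    name: str
    value: str
    domain: str
    path: str = "/"
    host_only: bool = True
    secure_only: bool = False
    http_only: bool = False
    created: float = 0.0

def domain_match(host, domain):
    # Simplified RFC 6265 5.1.3 check; IP-address hosts are not handled here.
    return host == domain or host.endswith("." + domain)

def path_match(request_path, cookie_path):
    # RFC 6265 5.1.4: equal, or a prefix that ends at a "/" boundary.
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def cookie_string(store, host, path, scheme, http_api=True):
    # Step 1: select cookies that match host, path, scheme and API type.
    chosen = [c for c in store
              if (host == c.domain if c.host_only else domain_match(host, c.domain))
              and path_match(path, c.path)
              and (not c.secure_only or scheme == "https")
              and (not c.http_only or http_api)]
    # Step 2: longer paths first, then earlier creation time.
    # (Step 3, updating last-access-time, is omitted in this sketch.)
    chosen.sort(key=lambda c: (-len(c.path), c.created))
    # Step 4: name=value pairs joined by "; "; values are copied unchanged.
    return "; ".join(f"{c.name}={c.value}" for c in chosen)

def parse_cookie_header(header):
    # Server side: split the single Cookie header back into name -> value.
    return dict(p.split("=", 1) for p in header.split("; ") if "=" in p)

# Constructed sample store (all names and values are made up for this example).
STORE = [
    Cookie("session", "abc123", "localhost", created=1.0),
    Cookie("token", "aaa.bbb.ccc", "localhost", http_only=True, created=2.0),
    Cookie("pref", "dark", "localhost", path="/app", created=3.0),
    Cookie("strict", "1", "localhost", secure_only=True, created=4.0),
]

if __name__ == "__main__":
    header = cookie_string(STORE, "localhost", "/app/data", "http")
    print(header)
    print(parse_cookie_header(header)["token"])
```

Calling `cookie_string` with `http_api=False` models a script-side read such as `document.cookie`, where the http-only `token` cookie is left out.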