Python: How to decode credentials sent with withCredentials: true from Angular; the cookie sent and the cookie received don't match

Tags: python, angular, cookies, jwt, credentials

I have a Python backend where I create an httponly cookie and send it to the front end.

The cookie is created in the backend like this:

    ...
    token_session = request.create_jwt_token(1, data=<userdata>, permissions=...)
    ...
    response.set_cookie(name='token', value=token_session, secure=False, httponly=True)

But now, when I call the backend with a GET request using withCredentials set to true, like this:

    this.http.get(back_end_url, {responseType: 'json', withCredentials: true})...

in the backend I see a cookie with a different name (name=session)

and another value equal to:

request.cookies:
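I think the problem is that the browser is converting your data into byte format. You need to use the BehaviorSubject concept in rxjs and create a model for the credentials.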

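In this case the credentials are not accessible from JavaScript (httponly cookie) and not accessible from HttpClient; the browser itself attaches the cookie (unfortunately encoded differently from how it was received from the backend). The related point is that I can see the valid value of the token (in the Application tab, then Cookies, in Chrome dev tools).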
5.4.  The Cookie Header

   The user agent includes stored cookies in the Cookie HTTP request
   header.

   When the user agent generates an HTTP request, the user agent MUST
   NOT attach more than one Cookie header field.

   A user agent MAY omit the Cookie header in its entirety.  For
   example, the user agent might wish to block sending cookies during
   "third-party" requests from setting cookies (see Section 7.1).

   If the user agent does attach a Cookie header field to an HTTP
   request, the user agent MUST send the cookie-string (defined below)
   as the value of the header field.

   The user agent MUST use an algorithm equivalent to the following
   algorithm to compute the "cookie-string" from a cookie store and a
   request-uri:

   1.  Let cookie-list be the set of cookies from the cookie store that
       meets all of the following requirements:

       *  Either:

             The cookie's host-only-flag is true and the canonicalized
             request-host is identical to the cookie's domain.

          Or:

             The cookie's host-only-flag is false and the canonicalized
             request-host domain-matches the cookie's domain.

       *  The request-uri's path path-matches the cookie's path.

       *  If the cookie's secure-only-flag is true, then the request-
          uri's scheme must denote a "secure" protocol (as defined by
          the user agent).

             NOTE: The notion of a "secure" protocol is not defined by
             this document.  Typically, user agents consider a protocol
             secure if the protocol makes use of transport-layer
             security, such as SSL or TLS.  For example, most user
             agents consider "https" to be a scheme that denotes a
             secure protocol.

       *  If the cookie's http-only-flag is true, then exclude the
          cookie if the cookie-string is being generated for a "non-
          HTTP" API (as defined by the user agent).

   2.  The user agent SHOULD sort the cookie-list in the following
       order:

       *  Cookies with longer paths are listed before cookies with
          shorter paths.

       *  Among cookies that have equal-length path fields, cookies with
          earlier creation-times are listed before cookies with later
          creation-times.

       NOTE: Not all user agents sort the cookie-list in this order, but
       this order reflects common practice when this document was
       written, and, historically, there have been servers that
       (erroneously) depended on this order.

   3.  Update the last-access-time of each cookie in the cookie-list to
       the current date and time.

   4.  Serialize the cookie-list into a cookie-string by processing each
       cookie in the cookie-list in order:

       1.  Output the cookie's name, the %x3D ("=") character, and the
           cookie's value.

       2.  If there is an unprocessed cookie in the cookie-list, output
           the characters %x3B and %x20 ("; ").

   NOTE: Despite its name, the cookie-string is actually a sequence of
   octets, not a sequence of characters.  To convert the cookie-string
   (or components thereof) into a sequence of characters (e.g., for
   presentation to the user), the user agent might wish to try using the
   UTF-8 character encoding [RFC3629] to decode the octet sequence.
   This decoding might fail, however, because not every sequence of
   octets is valid UTF-8.