SameSite property invalid Cookies HTTPONLY MERN(SameSite属性无效的Cookies HTTPONLY MERN)
本文介绍了SameSite属性无效的Cookies HTTPONLY MERN的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Same site property=None没有应用,而且,它告诉我属性无效!我被弄糊涂了,因为没有关于这么有帮助的答案!我正在构建MERN应用程序,需要将JWT令牌存储在HTTP Only Cookie中。一切都很好,但是在部署到Heroku时(前面和后面的不同URL),我不能将cookie放在前端,因为浏览器不接受它,因为它默认设置了相同的site lax属性。我尝试添加该属性,如下所示: 我的快速代码
res.cookie("nToken", token, {
maxAge: 2 * 60 * 60 * 1000000000,
httpOnly: true,
path: "/",
sameSite: "none",
secure:true,
expires: new Date(new Date().getTime() + 86409000).toUTCString(),
});
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: <here's my app link>
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Set-Cookie
Set-Cookie: HttpOnly;Secure;SameSite=None
Set-Cookie: nToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYwYzM5ODg1ODIzMzlhMDAxNWMyMTcwMSIsImVtYWlsIjoiZW1haWxAbWFpbC5tZSIsImlhdCI6MTYyMzQzMTMwMSwiZXhwIjoxNjU0OTg4MjI3fQ.2P01XOOfEcDJYAuVc5Yzui60eG7IoIpFLRwO_AWix3g; Max-Age=7200000000; Path=/; Expires=Thu, 09 Aug 2249 01:08:21 GMT; HttpOnly; Secure
Content-Type: text/html; charset=utf-8
Content-Length: 54
Etag: W/"36-aZJNemOi1ZLLvYvfnmd2IxO+/h4"
Date: Fri, 11 Jun 2021 17:08:21 GMT
Via: 1.1 vegur
const { shouldSendSameSiteNone } = require('should-send-same-site-none');
app.use(cookieParser());
app.use(shouldSendSameSiteNone);
const corsOptions = {
origin: "here comes my link of frontend",
credentials: true, //access-control-allow-credentials:true
methods: ['POST', 'PUT', 'GET', 'OPTIONS', 'HEAD'],
optionSuccessStatus: 200,
};
app.use(cors(corsOptions));
app.use((req, res, next) => {
res.header("Access-Control-Allow-Credentials", true);
res.header('Access-Control-Allow-Headers', 'Set-Cookie');
res.header("Set-Cookie", "HttpOnly;Secure;SameSite=None");
// res.header(
// "Access-Control-Allow-Headers",
// "Origin, X-Requested-With, Content-Type, Accept"
// );
res.header("Access-Control-Allow-Origin", "here comes my link of frontend");
next();
});
(我删除了一些代码,因此可读性更好)
调用它的前端代码:
useEffect(() => {
document.querySelector("#signUp").addEventListener("click", async () => {
const email = document.querySelector("#emailInput");
const password = document.querySelector("#passInput");
const res = await axios({
method: "POST",
url: vars.BACKENDURL + "/usercreate",
withCredentials: true,
data: { user: { email: email.value, password: password.value } },
});
});
}, []);
推荐答案
已解决!只需将我的A帖子中提到的语法替换为以下语法:
res.header("Set-Cookie", "nToken=" + token + ";Path=/;HttpOnly;Secure;SameSite=None;Expires=31556926");这篇关于SameSite属性无效的Cookies HTTPONLY MERN的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
沃梦达教程
本文标题为:SameSite属性无效的Cookies HTTPONLY MERN
基础教程推荐
猜你喜欢
- 响应更改 div 大小保持纵横比 2022-01-01
- 动态更新多个选择框 2022-01-01
- 悬停时滑动输入并停留几秒钟 2022-01-01
- 在 JS 中获取客户端时区(不是 GMT 偏移量) 2022-01-01
- Karma-Jasmine:如何正确监视 Modal? 2022-01-01
- 有没有办法使用OpenLayers更改OpenStreetMap中某些要素 2022-09-06
- 角度Apollo设置WatchQuery结果为可用变量 2022-01-01
- 在for循环中使用setTimeout 2022-01-01
- 当用户滚动离开时如何暂停 youtube 嵌入 2022-01-01
- 我什么时候应该在导入时使用方括号 2022-01-01
