Cordova/Android 中后续请求中未使用 Set-Cookie

问题描述 投票:0回答:1

我知道这个话题已经讨论过,但我无法弄清楚这个问题。

  • 客户端:在 Android 模拟器(本地主机)上运行的 Cordova 应用程序
  • 服务器:远程服务器

流量:

  • 1-客户端通过 POST 发送登录凭据
  • 2-服务器响应 Set-Cookie:TOKEN=TOKEN
  • 3-客户端发送另一个请求(应包含cookie)

2-服务器响应标头

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://localhost
Content-Length: 757
Content-Security-Policy: img-src 'self' data: blob:;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 05 Apr 2024 22:55:12 GMT
Etag: W/"2f5-cF2DgIYE70TbTgbAxYrSxvRZvYU"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: nginx
Set-Cookie: TOKEN=CONTENT; Path=/; Expires=Sat, 06 Apr 2024 22:55:11 GMT; HttpOnly; Secure; SameSite=None
Strict-Transport-Security: max-age=15552000; includeSubDomains
Strict-Transport-Security: max-age=31536000
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0

3-客户请求

:Authority: remote.server.dns.com
:Method: GET
:Path: /api/route
:Scheme: https
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Access-Control-Allow-Origin: https://remote.server.dns.com:443
Content-Type: application/json;charset=UTF-8
Origin: https://localhost
Referer: https://localhost/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Linux; Android 14; sdk_gphone64_x86_64 Build/UE1A.230829.036.A1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/113.0.5672.136 Mobile Safari/537.36
X-Requested-With: com.dns.sub

因此服务器拒绝 (3),因为路由 

api/route
是安全的并且需要 cookie...

帮忙?

注意:我不是在询问 cookie 持久性,也不是在询问客户端 cookie 定义;)

我尝试过的:

  • w/或w/o 
    Access-Control-Allow-Credentials
  • w/或w/o 
    Access-Control-Allow-Origin
  • 有/或没有许多cordova插件...
  • 询问chatgpt但是...chatgpt...
android cordova cookies cors
1个回答
0
投票

解决方案: 该问题与 cordova/android 无关。 这个问题是我没有用 credential = true 标记我的 XHR 请求以允许跨域发送 cookie/授权。

对于

fetch(...)
,请使用
credentials:"include"
,例如:

fetch(url, {
    method: "POST",
    headers,
    credentials: "include",
    body: new Blob([JSON.stringify(params)], { type: "application/json" }),
})

对于

XMLHttpRequest
,请使用
withCredentials = true
,例如:

const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
...
xhr.send();
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.