xmlhttprequest 和 set-cookie &曲奇饼
时间:2023-10-14问题描述
我想我误解了使用 xmlhttprequest 管理 cookie.我有一个响应 XMLHttpRequest 用 javascript 制作的服务器,我的服务器返回 Allow-Control-Access-Origin, Access-Control-Allow-Headers、Access-Control-Expose-Headers 和 Access-Control-Allow-Credentials 标头的值正确.
i think i misunderstood the management of cookies with xmlhttprequest. I have a server that response to the XMLHttpRequest made in javascript, my server returns Allow-Control-Access-Origin, Access-Control-Allow-Headers, Access-Control-Expose-Headers and Access-Control-Allow-Credentials headers with the correct value.
我正在使用 javascript 在服务器中进行 Digest Authenticate,没问题,我从服务器接收到 WWW-Authenticate 标头,我处理并向服务器发送 Authorization 标头所有的摘要响应,一切正常.问题是,当摘要挑战成功时,我的服务器返回一个 Set-Cookie 标头,我必须获取它并添加到我所有 xhr 请求的其余部分.浏览器(使用 Chromium 和 Chrome)不允许我访问标题:
I'm doing a Digest Authenticate in a server with javascript, no problem in that, i receive ok the WWW-Authenticate header from server, i process and send to the server the Authorization header with all the digest-response and everything ok.
The problem is, that when the digest-challenge is succesful, my server returns a Set-Cookie Header, i have to get it and add to the rest of all of my xhr request.
The browser (using Chromium and Chrome) not let me access to the header doing:
xhr.getResponseHeader("Set-Cookie");
好的,在 XMLHTTPREQUEST Level 2 中它说:从响应中返回所有标头, 字段名称为 Set-Cookie 或 Set-Cookie2 的除外"好的,所以我不能接受,但是有什么方法?将 Chrome Api 用于 cookie(目前我没有读到关于它的注意事项),但我想尽可能采用标准方式.与:
Ok, in the XMLHTTPREQUEST Level 2 it says: "Returns all headers from the response, with the exception of those whose field name is Set-Cookie or Set-Cookie2" Ok, so i cant take it, but what are the ways? Using the Chrome Api for cookies (at the moment i dont read noting about it), but i want to do for a standard manner as posible. With the:
xhr.withCredentials = true;
表示浏览器自动获取set-cookie并发送cookie headers??
means that the browser automatically get the set-cookie and send in cookie headers??
推荐答案
来自 CORS 规范 http://www.w3.org/TR/cors/#make-a-request-steps:
From CORS spec http://www.w3.org/TR/cors/#make-a-request-steps:
每当应用发出请求的步骤时,从原始来源中获取请求 URL,并设置手动重定向标志,如果设置了省略凭据标志,则设置阻止 cookie 标志.使用方法请求方法,实体主体请求实体主体,包括作者请求标头,如果未设置省略凭据标志,则包括用户凭据.如果源源是全局唯一标识符,则排除 Referer 标头.
Whenever the make a request steps are applied, fetch the request URL from origin source origin with the manual redirect flag set, and the block cookies flag set if the omit credentials flag is set. Use method request method, entity body request entity body, including the author request headers, and include user credentials if the omit credentials flag is unset. Exclude the Referer header if source origin is a globally unique identifier.
正如您所说 - 如果您使用 withCredentials,浏览器会添加 cookie.
As you correctly says - cookies are added by browser if you use withCredentials.
这篇关于xmlhttprequest 和 set-cookie &曲奇饼的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!
相关文章
即使在调用 abort (jQuery) 之后,浏览器也会等待Browser waits for ajax call to complete even after abort has been called (jQuery)(即使在调用 abort (jQuery) 之后,浏览器也会等待 ajax 调用- JavaScript innerHTML 不适用于 IE?JavaScript innerHTML is not working for IE?(JavaScript innerHTML 不适用于 IE?)
- XMLHttpRequest 无法加载,请求的资源上不存在“AXMLHttpRequest cannot load, No #39;Access-Control-Allow-Origin#39; header is present on the requested resource(XMLHttpRequest 无法加载,请求的资
- XHR HEAD 请求是否有可能不遵循重定向 (301 302)Is it possible for XHR HEAD requests to not follow redirects (301 302)(XHR HEAD 请求是否有可能不遵循重定向 (301 302))
- NETWORK_ERROR:XMLHttpRequest 异常 101NETWORK_ERROR: XMLHttpRequest Exception 101(NETWORK_ERROR:XMLHttpRequest 异常 101)
- XMLHttpRequest 206 部分内容XMLHttpRequest 206 Partial Content(XMLHttpRequest 206 部分内容)
最新文章
- 为什么 Chrome 会取消 CORS OPTION 请求
- IE10 和 Image/Canvas 的跨域资源共享 (CORS) 问题
- 带有 ES6 Promises 的 jQuery ajax
- CORS 和 Origin 标头?
- 使用 Polymer Iron-ajax 和 Node.js 发出 CORS 请求
- BigCommerce API 是否支持 CORS?
- 从本地文件夹导入 type=module 的脚本会导致 CORS 问
- HTTP 预检 (OPTIONS) 请求仅在 IE 中失败
- 禁止预检 403 响应
- Javascript CORS - 不存在“Access-Control-Allow-Origin&quo