未使用 Flask JWT 扩展设置 Cookie
Cookies not being set with Flask JWT extended
我正在使用 flask-jwt-extended 并尝试发送一个 cookie。不幸的是,我没有存储在浏览器中,但我可以在 header 中找到它:
Set-Cookie: refresh_token_cookie=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1OTM0NjUwNDgsIm5iZiI6MTU5MzQ2NTA0OCwianRpIjoiMjk3ZmQ2NTgtZDBmMi00ZjNlLWI0MGItNWViZDEzYzFjYWFhIiwiZXhwIjoxNTk2MDU3MDQ4LCJpZGVudGl0eSI6eyJpZCI6MSwicm9sbGUiOiJhZG1pbmlzdHJhdG9yIn0sInR5cGUiOiJyZWZyZXNoIiwiY3NyZiI6IjlmM2EzNGU2LTFjYzYtNDI4MC04NzEzLThkYmRiYTUyNzg2ZiJ9.Dcow66aWcChwvYHorP1Tk57bTT25ZP3k2Dlvuo9Vngs; Secure; HttpOnly; Path=/auth/refresh
我觉得它格式不正确:例如,“Secure”应该是“True”,我怀疑这就是它没有被存储的原因( 问题是解决同样的问题,但我没有设法用那里提供的答案解决它。
init.py(相关部分):
from flask_jwt_extended import JWTManager
from flask_cors import CORS
from config import Config
jwt = JWTManager()
def create_app(config_class=Config):
app = Flask(__name__)
app.config.from_object(config_class)
app.config['JWT_TOKEN_LOCATION'] = ['cookies']
app.config['JWT_COOKIE_SECURE'] = True
app.config['JWT_ACCESS_COOKIE_PATH'] = '/auth'
app.config['JWT_REFRESH_COOKIE_PATH'] = '/auth/refresh'
app.config['JWT_COOKIE_CSRF_PROTECT'] = True
app.config['JWT_COOKIE_SECURE'] = True
app.config['JWT_CSRF_CHECK_FORM'] = True
app.config['JWT_SECRET_KEY'] = "change this"
CORS(app, supports_credentials=True)
jwt.init_app(app)
routes.py(相关部分):
@bp.route('/login', methods=['POST'])
def login():
...
resp = jsonify(access_token=access_token,
refresh_token=refresh_token)
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp, 200
我以扩展的 example in the official repo 为灵感。我在这里做错了什么?
原来是 Angular 错误 - 缺少“withCredentials: true”。
login(email: string, password: string): Observable<TokenPair> {
const url: string = `${this.BASE_URL}` + '/auth/login';
return this.http.post<TokenPair>(
url,
JSON.stringify({ email, password }),
{
withCredentials: true,
},
);
}
我正在使用 flask-jwt-extended 并尝试发送一个 cookie。不幸的是,我没有存储在浏览器中,但我可以在 header 中找到它:
Set-Cookie: refresh_token_cookie=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1OTM0NjUwNDgsIm5iZiI6MTU5MzQ2NTA0OCwianRpIjoiMjk3ZmQ2NTgtZDBmMi00ZjNlLWI0MGItNWViZDEzYzFjYWFhIiwiZXhwIjoxNTk2MDU3MDQ4LCJpZGVudGl0eSI6eyJpZCI6MSwicm9sbGUiOiJhZG1pbmlzdHJhdG9yIn0sInR5cGUiOiJyZWZyZXNoIiwiY3NyZiI6IjlmM2EzNGU2LTFjYzYtNDI4MC04NzEzLThkYmRiYTUyNzg2ZiJ9.Dcow66aWcChwvYHorP1Tk57bTT25ZP3k2Dlvuo9Vngs; Secure; HttpOnly; Path=/auth/refresh
我觉得它格式不正确:例如,“Secure”应该是“True”,我怀疑这就是它没有被存储的原因(
init.py(相关部分):
from flask_jwt_extended import JWTManager
from flask_cors import CORS
from config import Config
jwt = JWTManager()
def create_app(config_class=Config):
app = Flask(__name__)
app.config.from_object(config_class)
app.config['JWT_TOKEN_LOCATION'] = ['cookies']
app.config['JWT_COOKIE_SECURE'] = True
app.config['JWT_ACCESS_COOKIE_PATH'] = '/auth'
app.config['JWT_REFRESH_COOKIE_PATH'] = '/auth/refresh'
app.config['JWT_COOKIE_CSRF_PROTECT'] = True
app.config['JWT_COOKIE_SECURE'] = True
app.config['JWT_CSRF_CHECK_FORM'] = True
app.config['JWT_SECRET_KEY'] = "change this"
CORS(app, supports_credentials=True)
jwt.init_app(app)
routes.py(相关部分):
@bp.route('/login', methods=['POST'])
def login():
...
resp = jsonify(access_token=access_token,
refresh_token=refresh_token)
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp, 200
我以扩展的 example in the official repo 为灵感。我在这里做错了什么?
原来是 Angular 错误 - 缺少“withCredentials: true”。
login(email: string, password: string): Observable<TokenPair> {
const url: string = `${this.BASE_URL}` + '/auth/login';
return this.http.post<TokenPair>(
url,
JSON.stringify({ email, password }),
{
withCredentials: true,
},
);
}