Set-Cookie 被阻止,因为其域属性对于当前主机 url 无效
Set-Cookie was blocked because its Domain attribute was invalid with regards to the current host url
我有一个带有域 sambat.io
的 React 前端,部署到 Vercel (Zeit) 和一个节点 API 部署到 Heroku,这个域 https://safe-ridge-68566.herokuapp.com/
和 cookie 设置如下:
res.cookie('something', 'ckwdnjwedjbdh3bhbd2hdbhbhbhfbdsf', {
httpOnly: true,
sameSite: 'none',
domain: '.sambat.io',
secure: true
})
当我访问 front-end 时,我可以在响应中看到 Set-Cookie
header,但它不会设置 cookie,并且出现此警告:
This Set-Cookie was blocked because its Domain attribute was invalid with regards to the current host url.
我错过了什么?
这是网络请求和响应的详细信息:
GENERAL
Request URL: https://safe-ridge-68566.herokuapp.com/users/twitter
Request Method: POST
Status Code: 201 Created
RESPONSE HEADERS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://sambat.io
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Set-Cookie: something=hwjdhwjdhwjehdjwdhuhhd3hd3u; Domain=.sambat.io; Path=/; HttpOnly; Secure; SameSite=None
Vary: Origin
REQUEST HEADERS
Accept: application/json, text/plain, */*
Connection: keep-alive
Content-Type: application/json
Cookie: something=hwjdhwjdhwjehdjwdhuhhd3hd3u
Host: safe-ridge-68566.herokuapp.com
Origin: https://sambat.io
Pragma: no-cache
Referer: https://sambat.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
我认为问题是因为前端和后端没有相同的域,尝试通过可能创建子域使后端在相同的域中。
如果您遇到任何其他问题,请告诉我。
编程愉快。
我有一个带有域 sambat.io
的 React 前端,部署到 Vercel (Zeit) 和一个节点 API 部署到 Heroku,这个域 https://safe-ridge-68566.herokuapp.com/
和 cookie 设置如下:
res.cookie('something', 'ckwdnjwedjbdh3bhbd2hdbhbhbhfbdsf', {
httpOnly: true,
sameSite: 'none',
domain: '.sambat.io',
secure: true
})
当我访问 front-end 时,我可以在响应中看到 Set-Cookie
header,但它不会设置 cookie,并且出现此警告:
This Set-Cookie was blocked because its Domain attribute was invalid with regards to the current host url.
我错过了什么?
这是网络请求和响应的详细信息:
GENERAL
Request URL: https://safe-ridge-68566.herokuapp.com/users/twitter
Request Method: POST
Status Code: 201 Created
RESPONSE HEADERS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://sambat.io
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Set-Cookie: something=hwjdhwjdhwjehdjwdhuhhd3hd3u; Domain=.sambat.io; Path=/; HttpOnly; Secure; SameSite=None
Vary: Origin
REQUEST HEADERS
Accept: application/json, text/plain, */*
Connection: keep-alive
Content-Type: application/json
Cookie: something=hwjdhwjdhwjehdjwdhuhhd3hd3u
Host: safe-ridge-68566.herokuapp.com
Origin: https://sambat.io
Pragma: no-cache
Referer: https://sambat.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
我认为问题是因为前端和后端没有相同的域,尝试通过可能创建子域使后端在相同的域中。
如果您遇到任何其他问题,请告诉我。
编程愉快。