Couchdb _session POST 未在 Chrome 中从 Angular 7 应用返回 set-cookie header
Couchdb _session POST not returning set-cookie header in Chrome from Angular 7 app
我有一个 Angular 7 应用程序向 couchDb _sessions api 发出 POST 请求以进行身份验证。根据 documentation 我应该在响应 header 中得到一个 set-cookie header 但没有 set-cookie header.
这是响应的样子:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:5800
Access-Control-Expose-Headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time
Cache-Control: must-revalidate
Connection: keep-alive
Content-Length: 46
Content-Type: application/json
Date: Mon, 10 Jun 2019 20:21:53 GMT
Server: nginx/1.10.3 (Ubuntu)
但是如果我通过 curl 发送相同的请求:
curl -v https://example.org/_session -H
"Content-Type:application/json
" -d '{"name":"user","password":"password"}'
这是我得到的:
< HTTP/1.1 200 OK
< Server: nginx/1.10.3 (Ubuntu)
< Date: Mon, 10 Jun 2019 20:25:54 GMT
< Content-Type: application/json
< Content-Length: 46
< Connection: keep-alive
< Cache-Control: must-revalidate
< Set-Cookie: AuthSession=c2JxMTIzOjVDRkVCQ0QyOvjMZQhdhyUqRjmDjl_Hipiz7hxa; Version=1; Expires=Mon, 10-Jun-2019 20:35:54 GMT; Max-Age=600; Path=/; HttpOnly
<
{ [46 bytes data]
100 87 100 46 100 41 46 41 0:00:01 --:--:-- 0:00:01 154{"ok":true,"name":"username","roles":["sales"]}
我也尝试将 { withCredentials: true} 放入 header 中,但我仍然没有收到任何 cookie。 chrome dev-tools 应用程序选项卡和浏览器的 cookie 部分也不存在 cookie。
const _httpHeaders = new HttpHeaders();
const headers = _httpHeaders.append('withCredentials', 'true');
console.log(headers);
return this._httpService.doAsyncTask(AppConstants.LOGIN_URL, 'POST', data, {headers});
我怎样才能找到解决方案?
使用 Basic Authorization header 和 withCredentials: true 应该可以。
let httpHeaders = new HttpHeaders();
httpHeaders = httpHeaders.set('Accept', 'application/json');
httpHeaders = httpHeaders.set('Content-type', 'application/json');
httpHeaders = httpHeaders.set('Authorization', 'Basic ' + btoa(user + ':' + password));
const options = { headers: httpHeaders, withCredentials: true };
this._httpService.doAsyncTask(AppConstants.LOGIN_URL, 'POST', data, options);
btoa() 以 base-64 编码 user/password。 data object 不应再次包含凭据。
我有一个 Angular 7 应用程序向 couchDb _sessions api 发出 POST 请求以进行身份验证。根据 documentation 我应该在响应 header 中得到一个 set-cookie header 但没有 set-cookie header.
这是响应的样子:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:5800
Access-Control-Expose-Headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time
Cache-Control: must-revalidate
Connection: keep-alive
Content-Length: 46
Content-Type: application/json
Date: Mon, 10 Jun 2019 20:21:53 GMT
Server: nginx/1.10.3 (Ubuntu)
但是如果我通过 curl 发送相同的请求:
curl -v https://example.org/_session -H "Content-Type:application/json
" -d '{"name":"user","password":"password"}'
这是我得到的:
< HTTP/1.1 200 OK
< Server: nginx/1.10.3 (Ubuntu)
< Date: Mon, 10 Jun 2019 20:25:54 GMT
< Content-Type: application/json
< Content-Length: 46
< Connection: keep-alive
< Cache-Control: must-revalidate
< Set-Cookie: AuthSession=c2JxMTIzOjVDRkVCQ0QyOvjMZQhdhyUqRjmDjl_Hipiz7hxa; Version=1; Expires=Mon, 10-Jun-2019 20:35:54 GMT; Max-Age=600; Path=/; HttpOnly
<
{ [46 bytes data]
100 87 100 46 100 41 46 41 0:00:01 --:--:-- 0:00:01 154{"ok":true,"name":"username","roles":["sales"]}
我也尝试将 { withCredentials: true} 放入 header 中,但我仍然没有收到任何 cookie。 chrome dev-tools 应用程序选项卡和浏览器的 cookie 部分也不存在 cookie。
const _httpHeaders = new HttpHeaders();
const headers = _httpHeaders.append('withCredentials', 'true');
console.log(headers);
return this._httpService.doAsyncTask(AppConstants.LOGIN_URL, 'POST', data, {headers});
我怎样才能找到解决方案?
使用 Basic Authorization header 和 withCredentials: true 应该可以。
let httpHeaders = new HttpHeaders();
httpHeaders = httpHeaders.set('Accept', 'application/json');
httpHeaders = httpHeaders.set('Content-type', 'application/json');
httpHeaders = httpHeaders.set('Authorization', 'Basic ' + btoa(user + ':' + password));
const options = { headers: httpHeaders, withCredentials: true };
this._httpService.doAsyncTask(AppConstants.LOGIN_URL, 'POST', data, options);
btoa() 以 base-64 编码 user/password。 data object 不应再次包含凭据。