问题描述
我在它提供的按的内容,一组在不同域中托管的Web应用程序的应用工作。我使用Sails.js和Socket.io,并且它的结构是这样的:
I'm working in an application which delivers push content to a group of web applications hosted in different domains. I'm using Sails.js and Socket.io, and structured it like this:
客户端脚本,每个Web应用程序的客户端浏览器中运行,是这样的:
The client script, running on each web application's client's browser, is something like:
socket.on('customEvent', function(message){
//do something with message on event trigger
}
,然后在服务器,事件自定义事件在需要的时候发出的,和它的作品(如在的onConnect
事件:帆.io.emit(自定义事件',{消息...}
)。
但是,当涉及处理授权我现在面临的一个问题。我试过第一种方法是基于Cookie的身份验证,因为在这里解释(通过改变 API /配置/ sockets.js
函数 authorizeAttemptedSocketConnection
),但它不是生产一个适当的解决方案,它不是在浏览器支持用更严格的cookie政策(由于其默认禁止第三方cookie)。
But I'm facing a problem when it comes to handle authorization. The first approach I've tried is a cookie-based auth, as explained here (by changing the api/config/sockets.js
function authorizeAttemptedSocketConnection
), but it isn't a proper solution for production and it isn't supported in browsers with a more restrictive cookie policy (due to their default prohibition to third-party cookies).
我的问题是:如何实现用sails.js适当的跨浏览器和跨域的授权机制,可以在socket.io的授权过程的支持。
My question is: how to implement a proper cross-browser and cross-domain authorization mechanism using sails.js, that can be supported in socket.io's authorization process?
==
更多细节:
- 我也尝试添加的登录与一家知名的OAuth提供商(如Facebook)的,使用这个例子的位置。我有护照会话,但我仍然无法从客户端脚本来验证(它只能在直接点我的应用程序托管页)。
- 一个JSONP请求,以获取会话可能是一个解决方案,但它并没有在Safari工作。另外,我preFER用户在Web应用程序之一进行身份验证,而不是直接在我的节点应用。
- I also tried adding a login with a well-known oauth provider (e.g. facebook), using this example as a base. I've got the Passport session, but I'm still unable to authenticate from the client script (it only works in pages hosted by my node app directly).
- A JSONP request to obtain the session might be a solution, but it didn't work well in Safari. Plus I prefer the user to be authenticated in one of the web apps, rather than in my node application directly.
推荐答案
I believe your routes must handle CORS mate. Example:
'/auth/logout': {
controller: 'AuthController',
action: 'logout',
cors: '*'
},
值得mentionning,你必须指定socket.io具有连接(前端JS):
Worth mentionning that you must specify where socket.io has to connect to (front-end JS):
socket = io.connect(API.url);
对于任何普通的HTTP GET / PUT / POST / DELETE,请确保您的AJAX信封去与凭据(饼干)。例如具有角
$httpProvider.defaults.withCredentials = true
这篇关于跨域Sails.js + Socket.io授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!