问题描述
我在发送跨域会话cookie时遇到问题,搜索后我更加困惑.最初,我在 foo.vercel.com 上有一个客户端(下一个应用程序),在 bar.heroku.com 上有一个api(Express).发送和保存Cookie可以在localhost上正常工作,但是在部署后,默认设置为 lex 的 sameSite 出现了问题.所以我将其更改为 none .但是我发现 sameSite none 在cookie集上需要 secure 标志,因此我也对此进行了更改.
I have a problem with sending cross domain session cookie and after searching I got even more confused.Originally I had a client (Next app) on foo.vercel.com and the api (Express) on bar.heroku.com.Sending and saving cookies was working correctly on localhost, but after deployment I got a problem with the sameSite set to lex by default. So I changed it to none. But I found that the sameSite none requires secure flag on the cookie set, so I also changed that.
将安全设置为 true 后,将不再发送cookie.
After setting secure to true the cookie is no longer being sent.
我的服务器和客户端都托管在HTTPS上.我检查了heroku上的日志,并且请求协议为HTTPS....但是,当我从GraphQL解析器中控制台记录 request.protocol 时,协议为HTTP:
Both my server and client are hosted on HTTPS. I checked the logs on the heroku and the request protocol is HTTPS... however when I console.log a request.protocol from a GraphQL resolver the protocol is HTTP:
看到此
我将客户端移至 baz.heroku.com ,但问题仍然存在.
I moved the client to baz.heroku.com but the problem remains.
为了检查一切是否仍然有效,我在 chrome://flags 中禁用了 没有SameSite的cookie ,它可以正常工作正确.
In order to check if everything still works I disabled the Cookies without SameSite must be secure in chrome://flags and it works correctly.
- 甚至可以设置cookie跨域吗?
- 为什么POST方法的协议与我在快递服务器中收到的请求的协议不同.(我从express获得请求,并将其通过上下文传递给GraphQL解析器)
- 当然,我该如何将Cookie发送到不同域上的客户端.
我将不胜感激.
推荐答案
问题是Heroku的代理.我必须将以下内容添加到快递服务器中:
The problem was Heroku's proxy. I had to add the following to the express server:
app.set("trust proxy", 1);
这篇关于快递不发送跨域Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!