Cookie未使用Node + Express + Nginx设置
我有一个使用Express的Node应用程序,我尝试为我的客户端设置一个cookie。它适用于本地环境(http)。但是一旦我投入生产(https),我就会很好地收到cookie(我可以在响应中看到它),但它没有设置。任何的想法?
Nginx conf:
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
server {
listen 443 ssl default_server;
listen [::]:443 default_server;
server_name back.domain;
ssl_certificate /etc/letsencrypt/.../fullchain.pem;
ssl_certificate_key /etc/letsencrypt/.../privkey.pem;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
}
所以p:
const api = express()
api.enable('trust proxy')
api.use(cors({origin: '', credentials: true}))
api.post('/login', (req, res) => {
// validate credentials and generate token
// set expires to 24h
res
.cookie('token', token, {expires, httpOnly: true, secure: true})
.sendStatus(204)
})
面前:
// I use the axios lib
axios({
baseURL: '',
url: '/login',
withCredentials: true,
method: 'POST'
}
回答如下:
经过几个小时的研究后我发现了...当我创建cookie时,我必须将domain
键设置为domain
:
res
.cookie('token', token, {expires, httpOnly: true, secure: true, domain: 'domain'})
.sendStatus(204)
Cookie未使用Node + Express + Nginx设置
我有一个使用Express的Node应用程序,我尝试为我的客户端设置一个cookie。它适用于本地环境(http)。但是一旦我投入生产(https),我就会很好地收到cookie(我可以在响应中看到它),但它没有设置。任何的想法?
Nginx conf:
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
server {
listen 443 ssl default_server;
listen [::]:443 default_server;
server_name back.domain;
ssl_certificate /etc/letsencrypt/.../fullchain.pem;
ssl_certificate_key /etc/letsencrypt/.../privkey.pem;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
}
所以p:
const api = express()
api.enable('trust proxy')
api.use(cors({origin: '', credentials: true}))
api.post('/login', (req, res) => {
// validate credentials and generate token
// set expires to 24h
res
.cookie('token', token, {expires, httpOnly: true, secure: true})
.sendStatus(204)
})
面前:
// I use the axios lib
axios({
baseURL: '',
url: '/login',
withCredentials: true,
method: 'POST'
}
回答如下:
经过几个小时的研究后我发现了...当我创建cookie时,我必须将domain
键设置为domain
:
res
.cookie('token', token, {expires, httpOnly: true, secure: true, domain: 'domain'})
.sendStatus(204)