Cookie未使用Node + Express + Nginx设置

我有一个使用Express的Node应用程序，我尝试为我的客户端设置一个cookie。它适用于本地环境（http）。但是一旦我投入生产（https），我就会很好地收到cookie（我可以在响应中看到它），但它没有设置。任何的想法？

Nginx conf：

http {
  include mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;
  gzip on;

  server {
    listen 443 ssl default_server;
    listen [::]:443 default_server;
    server_name back.domain;

    ssl_certificate  /etc/letsencrypt/.../fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/.../privkey.pem;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
  }
}

所以p：

const api = express()

api.enable('trust proxy')
api.use(cors({origin: '', credentials: true}))

api.post('/login', (req, res) => {
  // validate credentials and generate token
  // set expires to 24h

  res
    .cookie('token', token, {expires, httpOnly: true, secure: true})
    .sendStatus(204)
})

面前：

// I use the axios lib
axios({
  baseURL: '',
  url: '/login',
  withCredentials: true,
  method: 'POST'
}

经过几个小时的研究后我发现了...当我创建cookie时，我必须将domain键设置为domain：

res
  .cookie('token', token, {expires, httpOnly: true, secure: true, domain: 'domain'})
  .sendStatus(204)

Cookie未使用Node + Express + Nginx设置

我有一个使用Express的Node应用程序，我尝试为我的客户端设置一个cookie。它适用于本地环境（http）。但是一旦我投入生产（https），我就会很好地收到cookie（我可以在响应中看到它），但它没有设置。任何的想法？

Nginx conf：

http {
  include mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;
  gzip on;

  server {
    listen 443 ssl default_server;
    listen [::]:443 default_server;
    server_name back.domain;

    ssl_certificate  /etc/letsencrypt/.../fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/.../privkey.pem;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
  }
}

所以p：

const api = express()

api.enable('trust proxy')
api.use(cors({origin: '', credentials: true}))

api.post('/login', (req, res) => {
  // validate credentials and generate token
  // set expires to 24h

  res
    .cookie('token', token, {expires, httpOnly: true, secure: true})
    .sendStatus(204)
})

面前：

// I use the axios lib
axios({
  baseURL: '',
  url: '/login',
  withCredentials: true,
  method: 'POST'
}

经过几个小时的研究后我发现了...当我创建cookie时，我必须将domain键设置为domain：

res
  .cookie('token', token, {expires, httpOnly: true, secure: true, domain: 'domain'})
  .sendStatus(204)