2017-06-30 58 views
2
Set-Cookie does not work in the browser, but works with Postman, when the frontend is at localhost:4200 and the backend is at localhost:8080

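I have implemented the CORS configuration on the backend and the frontend, and all other API requests work. However, the Set-Cookie flag does not create a cookie in my browser. I have disabled CORS in Chrome.

When I make the POST request with Postman, I correctly see the cookie in the Cookies tab. I do not see the cookie in the web browser.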

OPTIONS request

Host: localhost:8080 
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Language: en-US,en;q=0.5 
Accept-Encoding: gzip, deflate 
Access-Control-Request-Method: POST 
Access-Control-Request-Headers: content-type,credentials 

OPTIONS response

X-Content-Type-Options: nosniff 
X-XSS-Protection: 1; mode=block 
Cache-Control: no-cache, no-store, max-age=0, must-revalidate 
Pragma: no-cache 
Expires: 0 
X-Frame-Options: DENY 
Access-Control-Allow-Origin: http://localhost:4200 
access-control-allow-credentials: true 
access-control-allow-methods: POST, GET, OPTIONS, DELETE 
access-control-max-age: 3600 
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, credentials 
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH 
Content-Length: 0 
Date: Fri, 30 Jun 2017 14:55:58 GMT 

POST request

Host: localhost:8080 
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 
Accept: application/json, text/plain, */* 
Accept-Language: en-US,en;q=0.5 
Accept-Encoding: gzip, deflate 
Referer: http://localhost:4200/login 
Content-Type: application/json 
credentials: true 
Content-Length: 48 
Origin: http://localhost:4200 
Connection: keep-alive 

POST response

X-Content-Type-Options: nosniff 
X-XSS-Protection: 1; mode=block 
Cache-Control: no-cache, no-store, max-age=0, must-revalidate 
Pragma: no-cache 
Expires: 0 
X-Frame-Options: DENY 
Access-Control-Allow-Origin: http://localhost:4200 
access-control-allow-credentials: true 
access-control-allow-methods: POST, GET, OPTIONS, DELETE 
access-control-max-age: 3600 
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, credentials 
Set-Cookie: ddd=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOjJmYXhhcyIsImV4cCI6MTQ5ODkyMDk1OH0.sKJLH1GvgbJP28ws2EOZpc8EH0SElB4VQX86m59G8BjT-QAaRW6sInnrF6Y_yNJcIEcrrw_itb-O26KkKza8aA 
Content-Length: 0 
Date: Fri, 30 Jun 2017 14:55:58 GMT 
+0

Were you able to solve this problem? – MrMisery

+0

No, I decided not to use cookies. – isADon

+0

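Actually, it is not a good idea in production, because you cannot use HTTP-only headers (there is no such thing), which makes the token accessible to malicious JavaScript code. I will post here when I find a solution :) – MrMisery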

Answers

0

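To be able to set cookies in this situation, you must allow all OPTIONS requests to pass through the filter, because they do not contain cookies according to this question. More importantly, when requesting cookies from the server, the withCredentials option must be set to true on both the server and the client. Never forget to enable CORS requests on the server (you must define the origins, e.g. localhost:4200; using the wildcard * will not work). Hope this helps anyone looking for an answer to this question.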
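Added example, not part of the original answer or of any project's code: a small checker that applies the conditions listed in the answer above (preflight allowed through, `withCredentials` on the client, an explicit origin plus `Access-Control-Allow-Credentials: true` on the server) to a captured exchange. The function name, its fields and the sample headers are assumptions constructed for illustration.

```javascript
// Added example; function and field names are hypothetical.
function checkCredentialedCors({ pageOrigin, withCredentials, preflightStatus, responseHeaders }) {
  // Header names are case-insensitive, so normalise them before lookup.
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const problems = [];
  // The preflight carries no cookies; an auth filter that rejects it stops the POST.
  if (preflightStatus < 200 || preflightStatus > 299) {
    problems.push(`server: OPTIONS preflight returned ${preflightStatus}, let it pass the filter`);
  }
  if (!withCredentials) {
    problems.push('client: withCredentials is not true, so the browser ignores Set-Cookie');
  }
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    problems.push('server: Access-Control-Allow-Origin is missing');
  } else if (allowOrigin === '*') {
    problems.push('server: wildcard * fails the CORS check for a credentialed request');
  } else if (allowOrigin !== pageOrigin) {
    problems.push(`server: allowed origin ${allowOrigin} is not ${pageOrigin}`);
  }
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('server: Access-Control-Allow-Credentials must be exactly "true"');
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample modelled on the POST response in the question (cookie value is a placeholder).
const sampleHeaders = {
  'Access-Control-Allow-Origin': 'http://localhost:4200',
  'access-control-allow-credentials': 'true',
  'Set-Cookie': 'ddd=constructed-token-value',
};
const base = { pageOrigin: 'http://localhost:4200', withCredentials: true,
  preflightStatus: 200, responseHeaders: sampleHeaders };
const cases = {
  asAnswerRequires: checkCredentialedCors(base),
  noWithCredentials: checkCredentialedCors({ ...base, withCredentials: false }),
  preflightBlocked: checkCredentialedCors({ ...base, preflightStatus: 401 }),
  wildcardOrigin: checkCredentialedCors({ ...base,
    responseHeaders: { ...sampleHeaders, 'Access-Control-Allow-Origin': '*' } }),
};
for (const [name, result] of Object.entries(cases)) {
  console.log(name, result.ok, result.problems);
}
```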
