对于我正在开发的 Angular 1 应用程序,使用了 cookie 身份验证。问题是:当进行 OPTIONS 调用时,不会发送 cookie,并且服务器会尝试重定向用户以再次登录。只是想知道,这是谁的“错”?服务器(Azure API 应用程序)还是前端?如果是前端,如何在 OPTIONS 调用中发送 cookie?我正在使用 augular-resource 并配置如下:
$httpProvider.defaults.withCredentials = true
最佳答案
Otherwise, make a preflight request. Fetch the request URL from origin source origin using referrer source as override referrer source with the manual redirect flag and the block cookies flag set, using the method OPTIONS, and with the following additional constraints … Exclude user credentials.
The term user credentials for the purposes of this specification means cookies, HTTP authentication, and client-side SSL certificates that would be sent based on the user agent's previous interactions with the origin. Specifically it does not refer to proxy authentication or the Origin header.
因此客户端不应发送 cookie,并且服务器应该能够响应预检请求,而无需首先进行身份验证。
关于javascript - 未根据 OPTIONS 请求发送 Cookie,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41760128/