Updated: 2023-09-01 23:31:46
You do have what is needed to make it work:
access-control-allow-credentials: true
access-control-allow-origin: aaa.shared.com (not a wildcard)
Secure
SameSite=None
You were just missing one thing when sending the request: credentials: 'include'.
I've created a mock endpoint that you can use to test this line of code twice (in the console of another domain):
fetch('https://***.free.beeceptor.com', { credentials: 'include' });
You'll notice the cookie will be sent the second time.
In case the mock endpoint expires (no idea how long it lasts), or if someone destroys it, you can recreate it on http://beeceptor.com with this JSON in the header configuration:
{
"Content-Type": "application/json",
"Set-Cookie": "test=value; Path=/; Secure; SameSite=None;",
"access-control-allow-origin": "https://yourdomain",
"Access-Control-Allow-Credentials": "true"
}
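
An added example, not part of the original answer: a small JavaScript check of the conditions listed above (non-wildcard allowed origin, credentials allowed, a `Secure; SameSite=None` cookie, and `credentials: 'include'` on the request), run against the header configuration from the answer. The function name `auditCredentialedCors` and the way problems are reported are assumptions made for illustration.

```javascript
// Added example: checks the conditions a browser applies to a cross-site
// fetch() that should carry cookies. Header names are case-insensitive.
function auditCredentialedCors(headers, requestOrigin, credentialsMode) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const problems = [];

  // Client side: without this, fetch() neither sends nor stores cross-origin cookies.
  if (credentialsMode !== 'include') {
    problems.push("request not sent with credentials: 'include'");
  }

  // With credentials, the allowed origin must equal the Origin header exactly.
  const acao = h['access-control-allow-origin'];
  if (acao === undefined) {
    problems.push('Access-Control-Allow-Origin missing');
  } else if (acao === '*') {
    problems.push('Access-Control-Allow-Origin is a wildcard');
  } else if (acao !== requestOrigin) {
    problems.push(`Access-Control-Allow-Origin ${acao} != ${requestOrigin}`);
  }

  // The only accepted value is the case-sensitive string "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials is not "true"');
  }

  // A cookie used cross-site needs both SameSite=None and Secure.
  if (h['set-cookie'] !== undefined) {
    const attrs = h['set-cookie'].split(';').slice(1)
      .map((a) => a.trim().toLowerCase());
    if (!attrs.includes('samesite=none')) problems.push('cookie lacks SameSite=None');
    if (!attrs.includes('secure')) problems.push('cookie lacks Secure');
  }
  return problems;
}

// Header configuration from the answer; "https://yourdomain" is its placeholder.
const mockHeaders = {
  'Content-Type': 'application/json',
  'Set-Cookie': 'test=value; Path=/; Secure; SameSite=None;',
  'access-control-allow-origin': 'https://yourdomain',
  'Access-Control-Allow-Credentials': 'true',
};
console.log(auditCredentialedCors(mockHeaders, 'https://yourdomain', 'include'));
```

An empty array means every condition is met; each string in the result names one condition that would stop the cookie from being stored or sent.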