经过大量的头撞和大量的时间浪费,我了解到如果我使用curl 来测试将令牌存储到 cookie 中,如flask_jwt_extended website 所示
cookie 没有设置,但如果我在浏览器中使用 RESTClient,cookie 确实会设置。
我试过这个卷曲:curl -H "Content-Type: application/json" -X POST -d '{"username":"test","password":"test"}' http://localhost:5000/token/auth
【问题讨论】:
标签: curl setcookie flask-jwt-extended
使用flash_jwt_extended example,如果你设置详细模式-v你可以看到cookie被设置:
* upload completely sent off: 37 out of 37 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Content-Type: application/json
< Content-Length: 15
< Set-Cookie: access_token_cookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIwZjM4Zjg5NC1hNzRmLTQ5NTMtODYwOC1mOTdmNzhmNDIyMWMiLCJleHAiOjE1NDA2MDA4MDEsImZyZXNoIjpmYWxzZSwiaWF0IjoxNTQwNTk5OTAxLCJ0eXBlIjoiYWNjZXNzIiwibmJmIjoxNTQwNTk5OTAxLCJpZGVudGl0eSI6InRlc3QifQ.D-ZGU2Bglb0N1h02yTeV3NBuWjlx7FB0UNG5mkukrHA; HttpOnly; Path=/api/
< Set-Cookie: refresh_token_cookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkYTcyZjcyYS00MTU2LTRlYWYtOWEwZC03ODZjMTQ3ZWZjZTUiLCJleHAiOjE1NDMxOTE5MDEsImlhdCI6MTU0MDU5OTkwMSwidHlwZSI6InJlZnJlc2giLCJuYmYiOjE1NDA1OTk5MDEsImlkZW50aXR5IjoidGVzdCJ9.Lhla3ZwhY4vHgOFhmjBxPKnEmi1uoh-WXIwTWj_ibwI; HttpOnly; Path=/token/refresh
< Server: Werkzeug/0.14.1 Python/2.7.13
< Date: Sat, 27 Oct 2018 00:25:01 GMT
<
{"login":true}
* Closing connection 0
如果您想在多个 curl 命令之间保留 cookie,请使用 -c cookie.txt 将 cookie 存储在文件 cookie.txt 中,并在您的其他 curl 命令中使用 -b cookie.txt 加载它们:
curl -H "Content-Type: application/json" \
-d '{"username":"test","password":"test"}' \
"http://localhost:5000/token/auth" -c cookie.txt
curl "http://localhost:5000/api/example" -b cookie.txt
【讨论】: