【发布时间】:2019-06-14 09:46:51
【问题描述】:
我有一个 Angular 7 应用程序使用 Couchdb 进行身份验证。在使用凭据执行 POST _session 时,cookie 正在浏览器中设置。但是在执行 GET _session 检查身份验证状态时,即使在 POST 标头中使用 withCredentials: true 后,cookie 也不会自动设置。
POST 请求:
let _httpHeaders = new HttpHeaders();
_httpHeaders = _httpHeaders.set('Accept', 'application/json');
_httpHeaders = _httpHeaders.set('Content-type', 'application/json');
_httpHeaders = _httpHeaders.set('Authorization', 'Basic ' + btoa(data.name + ':' + data.password));
const options = { headers: _httpHeaders, withCredentials: true };
console.log(options);
return this._httpService.doAsyncTask(AppConstants.LOGIN_URL, 'POST', data, options);
GET 请求:
return this._httpService.doAsyncTask(AppConstants.LOGIN_URL + '?basic=true', 'GET');
在 GET 请求的标头中设置 withCredentials: true 也不起作用。
我得到的回应:
{"error":"unauthorized","reason":"请登录。"}
GET 调用的请求和响应标头: 请求标头:
Accept: application/json, text/plain, */*
Origin: http://localhost:5800
Referer: http://localhost:5800/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
响应标头:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:5800
Access-Control-Expose-Headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time
Cache-Control: must-revalidate
Connection: keep-alive
Content-Length: 50
Content-Type: application/json
Date: Fri, 14 Jun 2019 09:41:31 GMT
Server: nginx/1.10.3 (Ubuntu)
X-Couch-Request-ID: 3fb687405b
X-CouchDB-Body-Time: 0
【问题讨论】:
标签: angular authentication cookies couchdb