我有一个Angular和Laravel应用程序。 Laravel服务器处理来自前端Angular客户端的所有API请求。当客户端调用服务器时,API响应中的cookie未在客户端浏览器上设置。标题中的响应看起来正确:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Origin, Content-Type, X-XSRF-TOKEN, Authorization
Access-Control-Allow-Methods:GET, POST, PUT, DELETE
Access-Control-Allow-Origin:*
Cache-Control:no-cache
Connection:close
Content-Type:application/json
Date:Sun, 26 Jun 2016 02:06:01 GMT
Host:localhost:8000
Set-Cookie:XSRF-TOKEN=eyJpdiI6ImJzK3VTcTVBb3l5dTdGTXBweWpGTEE9PSIsInZhbHVlIjoiXC9ERE1Rb3E5U2NaRytKcytFOU8yK2lpN1BVMVBoajFjUUtMdTdPeXRIT0krbUJTNEtwOWM4NU0zTDJxckN2QXlFREV5SVJiY2tjWGNJQUxmR1wvYTh5dz09IiwibWFjIjoiZWMyYWEyYWNkYzMzYzBmZDcyNzZhYWU5ZjFiNDJmNDQxNjVkNDhiYzI0Yjc2ZDU3MTU2MjFhMjE0NjZmMzU0MiJ9; expires=Sun, 26-Jun-2016 04:06:01 GMT; Max-Age=7200; path=/
Set-Cookie:laravel_session=eyJpdiI6ImFSN0pLSkJXbkU0dXoxaTdhN1p4SUE9PSIsInZhbHVlIjoiV1wvNGFrTnlqT0RvU0U4T0owMll5Q0s5UnVDSmNzeHF3bmltdjJHZ081emxDcVwveFMwWXhFZFlLaWhxT1J2c1ExOE1TVFNKVk9tdmZzc0hTSDFDMEFEdz09IiwibWFjIjoiNWE3MDE2ZjNiZjM1M2UwYjI2ODQ3MmE2MGFjZjU4NGNmZjZlOWYyN2QwNTk0MmJjYmM1NjE0NjA1YmJhODNjNyJ9; expires=Sun, 26-Jun-2016 04:06:01 GMT; Max-Age=7200; path=/; httponly
X-Powered-By:PHP/5.5.35
没有设置XSRF-TOKEN和laravel_session令牌。我是否需要在Angular端专门做任何事情来保存cookie或者cookie是否只是自动设置?
如果您使用Laravel构建API,请确保使用api中间件而不是默认情况下在web类中定义的RouteServicePovicer.php中间件。您不需要API的API或CSRF令牌保护,您可以为此目的进行令牌身份验证。