Why doesn't my FastAPI endpoint save the HttpOnly cookie when called with fetch?

Question (votes: 0, answers: 1)
The title says it all. I feel I have read everything I can read and I am still no further forward. The current situation is:

  • Entering api.mydomain.com directly into the browser does save my cookie.
  • Fetching from my index.html on portal.mydomain.com, as in the fetch calls shown below.
  • I have no CORS errors; the OPTIONS, GET and POST requests all get 200 responses. I can see the JSON payload, just no cookie, and I cannot see the cookie being set in the browser dev tools.
  • In my HTML file I have the following:

        fetch('https://api.mydomain.com/api/v1/forms/cookie?category=all&count=2', {
            method: 'GET',
            credentials: 'include',
            headers: {
                // note: Access-Control-Allow-Origin is a response header; sending it from the client has no effect
                "Access-Control-Allow-Origin": "https://portal.mydomain.com"
            }
        })
            .then(response => response.json())
            .then(data => console.log(data))
            .catch(err => console.error(err));

        const payload = {
            "email": "[email protected]",
            "password": "password",
            "csrf": "csrf"
        }
        const jsonData = JSON.stringify(payload);

        fetch('https://api.mydomain.com/api/v1/forms/auth', {
            method: 'POST',
            credentials: 'include',
            headers: {
                "Access-Control-Allow-Origin": "https://portal.mydomain.com",
                "Content-Type": "application/json"
            },
            body: jsonData
        })
            .then(response => response.json())
            .then(data => console.log(data))
            .catch(err => console.error(err));

  • My router for the API looks like this:

        from fastapi import APIRouter, Response

        router = APIRouter()

        @router.get("/cookie")
        def set_cookie(response: Response):
            # Set an HttpOnly cookie
            response.set_cookie(
                key="testCookie",
                value="testCookieValue",
                httponly=True,    # This makes the cookie HttpOnly
                secure=True,      # Use secure cookies in production
                samesite="none"   # Adjust based on your needs
            )
            return {"message": "Cookie has been set2"}

  • My initial FastAPI configuration (api.mydomain.com) looks like this:

        from fastapi import FastAPI
        from fastapi.middleware.cors import CORSMiddleware

        app = FastAPI()

        origins = [
            "https://portal.mydomain.com",
            "https://api.mydomain.com",
        ]
        app.add_middleware(
            CORSMiddleware,
            allow_origins=origins,
            allow_credentials=True,
            allow_methods=["*"],
            allow_headers=[
                "Content-Type",
                "Authorization",
                "X-Requested-With",
                "Access-Control-Request-Method",
                "Access-Control-Request-Headers",
                "Access-Control-Allow-Origin",
            ],
        )

I am not sure what else to try.
    

This has nothing to do with CORS. The problem is that, by default, the cookie that is set is not available on any other subdomain (portal.mydomain.com). To make a cookie available on all subdomains, you must explicitly set its domain to .mydomain.com:

    from fastapi import APIRouter, Response

    router = APIRouter()

    @router.get("/cookie")
    def set_cookie(response: Response):
        # Set an HttpOnly cookie scoped to every subdomain of mydomain.com
        response.set_cookie(
            key="testCookie",
            value="testCookieValue",
            httponly=True,
            secure=True,
            samesite="none",
            domain=".mydomain.com",
        )
        return {"message": "Cookie has been set2"}

Tags: cors fetch fastapi
1 answer (score: 4)
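To make the scoping rule the answer relies on concrete, here is an added example (not from the question, the answer, or FastAPI itself) that parses constructed Set-Cookie headers with Python's standard library and applies RFC 6265 domain matching. It also covers two acceptance checks a browser performs before storing a cookie at all: the Domain attribute must cover the host that set it, and SameSite=None requires Secure. The header strings and host names are constructed for the example.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers (not captured from a real server): the first is a
# host-only cookie like the asker's original, the second is the shape produced by
# set_cookie(..., domain=".mydomain.com") as suggested in the answer.
HOST_ONLY = "testCookie=testCookieValue; Path=/; HttpOnly; Secure; SameSite=None"
SHARED = "testCookie=testCookieValue; Domain=.mydomain.com; Path=/; HttpOnly; Secure; SameSite=None"


def domain_matches(host, domain):
    """RFC 6265 section 5.1.3 domain-match: host equals domain or is a subdomain of it.
    The leading dot browsers tolerate in the Domain attribute is ignored (section 5.2.3)."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def parse_set_cookie(header):
    """Parse one Set-Cookie header into a Morsel using the stdlib parser."""
    jar = SimpleCookie()
    jar.load(header)
    return next(iter(jar.values()))


def browser_accepts(header, set_by_host):
    """Would a browser store this cookie at all? Two common rejection cases are modelled:
    a Domain that does not cover the setting host, and SameSite=None without Secure."""
    m = parse_set_cookie(header)
    if m["domain"] and not domain_matches(set_by_host, m["domain"]):
        return False  # e.g. api.mydomain.com trying to set Domain=other.com is rejected
    if m["samesite"].lower() == "none" and not m["secure"]:
        return False  # modern browsers drop SameSite=None cookies that are not Secure
    return True


def cookie_sent_to(header, set_by_host, request_host):
    """Would the stored cookie be attached to a credentialed request to request_host?
    Path, expiry and public-suffix checks are omitted to keep the example focused."""
    if not browser_accepts(header, set_by_host):
        return False
    m = parse_set_cookie(header)
    if not m["domain"]:  # host-only cookie: only the exact setting host sees it
        return request_host.lower() == set_by_host.lower()
    return domain_matches(request_host, m["domain"])


if __name__ == "__main__":
    for label, hdr in (("host-only", HOST_ONLY), ("Domain=.mydomain.com", SHARED)):
        for host in ("api.mydomain.com", "portal.mydomain.com", "evil-mydomain.com"):
            print(f"{label:22} -> {host:20} {cookie_sent_to(hdr, 'api.mydomain.com', host)}")
```

The run shows the host-only cookie reaching only api.mydomain.com, while the Domain=.mydomain.com cookie reaches both subdomains but not the look-alike evil-mydomain.com.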
