Set-Cookie在生产中不设置Cookie

ilmyapht  于 2022-10-21  发布在  iOS
关注(0)|答案(1)|浏览(226)

我为Web客户端使用了Reaction with Axios,为API使用了Django REST框架。
csrftokensessionid cookie是在本地开发时设置的,在生产中也是使用API在Postman中设置的。但在我的Vercel Reaction应用程序中,尽管请求成功,但没有设置cookie。

settings.py

CORS_ALLOWED_ORIGINS = [
    'http://localhost:3000',
    'http://127.0.0.1:3000',
    # web client url,
]

CORS_ORIGIN_WHITELIST = (
    'http://localhost:3000', 
    'http://127.0.0.1:3000',
    # web client url,
)

CSRF_TRUSTED_ORIGINS = [
    'http://localhost:3000', 
    'http://localhost:8000', 
    'http://127.0.0.1:3000',
    # web client url,
]

CORS_ALLOW_METHODS = [
    "DELETE",
    "GET",
    "OPTIONS",
    "PATCH",
    "POST",
    "PUT",
]

CORS_ALLOW_HEADERS = [
    "accept",
    "accept-encoding",
    "authorization",
    "content-type",
    "dnt",
    "origin",
    "user-agent",
    "x-csrftoken",
    "x-requested-with",
]

CORS_EXPOSE_HEADERS = [
  "Content-Type", 
  "X-CSRFToken"
]

CORS_ALLOW_CREDENTIALS = True

CSRF_COOKIE_NAME = "csrftoken"

CSRF_COOKIE_HTTPONLY = False
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = 'None'

SESSION_COOKIE_HTTPONLY = False
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_SAMESITE = 'None'

Axios配置:

axios.defaults.withCredentials = true;

const axiosClient = axios.create({
  xsrfHeaderName: 'X-CSRFToken',
  xsrfCookieName: 'csrftoken',
  headers: {
    "Accept": "application/json",
    "Content-Type": "application/json",
  },
});

axiosClient.defaults.baseURL = process.env.NODE_ENV === 'production'
  ? apiUrls.PROD_ROOT
  : apiUrls.DEV_ROOT;

export default axiosClient;

Vercel App响应:Response

v8wbuo2f

v8wbuo2f1#

在Axios中添加“with Credentials:True”,这应该可以解决您的问题

相关问题