尝试了15648070,15648070,不幸的是没有工作:)
你好,第一次用Gin构建API,我在浏览器上设置cookie时遇到了一些问题
我的意思是,当查看dev tools上的请求时,我看到了Set-Cookie标头和正确的值,在该请求中的Cookie选项卡下,我也看到了cookie
主要问题是它没有保存在我的浏览器上(dev tools-> Application-> Storage-> Cookies和我的cookie不在那里🙂)
后台:
router.Use(cors.New(cors.Config{
AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"},
AllowHeaders: []string{"Origin", "Content-Length", "Content-Type"},
MaxAge: 12 * time.Hour,
AllowAllOrigins: true,
AllowCredentials: true,
}))
router.POST("/users/login", server.LoginUser)func (server *Server) LoginUser(ctx *gin.Context) {
...
ctx.SetCookie("access_token", accessToken, 3600, "/", "localhost", false, true)
ctx.SetCookie("refresh_token", refreshToken, 3600, "/", "localhost", false, true)
ctx.JSON(http.StatusOK, gin.H{"ok": true, "payload": rsps})
}前端:
const login = async () => {
const res = await fetch("http://localhost:3000/users/login", {
method: "POST",
body: JSON.stringify({ username, password }),
});
const data = await res.json();
console.log(data);
};
const handleFormSubmit = (e) => {
e.preventDefault();
login();
};
return (
<div>
<h1>Login Page</h1>
<form onSubmit={handleFormSubmit}>
...
<button type="submit">Login</button>
</form>
</div>
);有线索吗?
1条答案
按热度按时间hs1ihplo1#
(感谢
Discord上的#Reactiflux通道)我错过了两件事。
服务器端:
AllowHeaders标题->添加"Access-Control-Allow-Headers", "Authorization"AllowOriginFunc->意味着不允许*,而是一个特定的域前端侧:
withCredentials: true添加到我的axios配置