首先我想告诉我,我已经阅读所有的问题,从堆栈和一切有关CORS,但实现仍然不工作。我的APP是建立在
angular crud demo:
所以我有在应用程序配置:
$httpProvider.defaults.useXDomain = true; $httpProvider.defaults.withCredentials = true; delete $httpProvider.defaults.headers.common['X-Requested-With'];
我知道他们正确设置(与调试)。在我的“安全”应用程序中,我正在为当前用户跨域请求:
return $http.get(LAYOUT_CONFIG.baseURL + '/current-user').then(function(response) {
//service.currentUser = response.data.user;
service.currentUser = response.data;
return service.currentUser;
});
我在第一个请求得到这些标题:
Access-Control-Allow-Credentials:true Access-Control-Allow-Headers:accept,origin,content-type,cookie Access-Control-Allow-Methods:GET,POST Access-Control-Allow-Origin:http://admin.vibetrace.com Access-Control-Max-Age:1728000 Connection:keep-alive Content-Encoding:gzip Content-Type:text/html; charset=utf-8 Date:Sun,02 Jun 2013 11:07:49 GMT P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Server:Nginx/1.1.19 Set-Cookie:vibetrace.ssid=s%3A2lT2_N0-EevCJt7LbRlJ6Az1.d8xp99st%2F0RNV0VN2D4o4AJXNRT%2F%2F46v8PDVWSAbx%2Fw; Path=/; Expires=Mon,30 Sep 2013 11:07:49 GMT Transfer-Encoding:chunked Vary:Accept-Encoding X-Cache:MISS X-Powered-By:Express
所以Set-Cookie就在那里。然而,随后的$ http.get请求(从角度)不发送应该以前设置的cookie。
Accept:application/json,text/plain,*/* Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Cache-Control:no-cache Connection:keep-alive Host:app.vibetrace.com Origin:http://admin.vibetrace.com Pragma:no-cache Referer:http://admin.vibetrace.com/ User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/27.0.1453.93 Safari/537.36
但这里有趣的部分。如果我在控制台中运行以下代码:
$.ajax("https://app.vibetrace.com/current-user",{
type: "GET",success: function(data,status,xhr) {
},xhrFields: {
withCredentials: true
},crossDomain: true
});
请求标头包含Cookie。
Accept:*/* Accept-Encoding:gzip,en;q=0.8 Cache-Control:no-cache Connection:keep-alive Cookie:fbm_245656478789760=base_domain=.vibetrace.com; __utma=199448574.828439508.1336934706.1361539088.1361819816.356; __utmc=199448574; __utmz=199448574.1361819816.356.354.utmcsr=tenlister.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.PHP; connect.sid=s%3AZ1o9bIw0jBOmQwuhKJDG1San.%2BfshIsvupiRuK0pUJqm8EAMnMBCyxf%2Fk17cAVzcy31w; __utma=173003172.1796845739.1355503443.1369827921.1369833348.68; __utmc=173003172; __utmz=173003172.1369410587.66.5.utmcsr=stage.marketizator.com|utmccn=(referral)|utmcmd=referral|utmcct=/app/builder/; vibetrace.ssid=s%3AV6biojefu9r5DTGErKL5vYPi.KAlnWMUm8jZmPV0MpP%2FrgqwmkF6WuXEZZDyzJhozYCs Host:app.vibetrace.com Origin:http://admin.vibetrace.com Pragma:no-cache Referer:http://admin.vibetrace.com/
我缺少什么?
解决方法
你见过这个吗?
Communication between AngularJS and a Jersey Webservice which are on a different domain. Can’t access correct session
Try passing a config object to $http that specifies withCredentials,that should work in all versions.
$http({withCredentials: true,...}).get(...)
