Cookies disappear in an AngularJS app using Django and CORS
Tags: cookies, application, CORS, AngularJS

2023-09-13 04:10:19 Author: 孝之

I'm building an AngularJS app with Django Rest Framework and Django CORS Headers as backend API.

Everything was working fine until today. Suddenly the csrfcookie and sessionid cookie stopped showing up in Chrome.

I see the API responding to me with the csrfcookie. Chrome doesn't show it in dev tools, however I see it in chrome://settings/cookies.

AngularJS

$httpProvider.defaults.useXDomain = true;
$http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
$http({withCredentials: true, ...})

Django API

CORS_ALLOW_CREDENTIALS = True

CORS_ALLOW_HEADERS = (
    'x-requested-with',
    'content-type',
    'accept',
    'origin',
    'authorization',
    'X-CSRFToken'
)

Solution

Ok so the answer to this issue is quite simple but not always very easy to notice since there are no error messages from the API, nor the client.

The problem above is that I reside on domain.com in my browser, but my request towards the API is to "www.domain.com:8000". Both www.domain.com and domain.com are allowed origins in my API.

Conclusion here is that if I reside on domain.com then I need to make my API request towards domain.com:8000. But if I reside on www.domain.com in my browser, then I need to make my API request towards www.domain.com:8000.

See a working example down below:

Cookies now appear fine!

I hope this helps anyone, saving a few hours of frustration :)

Update: Enabling the following settings in the Django settings file will also solve the problem. Using them lets you reside on different subdomains in your browser, and the cookies will return for domain ".domain.com".

https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-domain
https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-domain

Thanks to apollo on irc.freenode.net, #django for the updated answer.
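
Added example (not part of the original answer): a simplified model of the RFC 6265 storage and domain-matching rules, applied to the hosts named above, showing why a cookie set by www.domain.com:8000 without a Domain attribute is not readable by a page on domain.com, and why a cookie domain of ".domain.com" is. The function names and the /api/ path are assumptions for illustration; public-suffix and IP-address handling are left out.

```python
# Added example: RFC 6265 cookie visibility for the hosts named in the answer.
from urllib.parse import urlsplit


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def store_cookie(response_url, domain_attr=None):
    """Model how a browser stores a cookie from a Set-Cookie response.

    Returns (domain, host_only). Without a Domain attribute the cookie is
    host-only; with one, it must domain-match the responding host or it is
    rejected (None is returned).
    """
    host = urlsplit(response_url).hostname
    if domain_attr is None:
        return (host, True)
    if not domain_match(host, domain_attr):
        return None
    return (domain_attr.lstrip(".").lower(), False)


def visible_to(page_url, cookie):
    """True if the page's document.cookie (what $cookies reads) includes the cookie."""
    if cookie is None:
        return False
    domain, host_only = cookie
    host = urlsplit(page_url).hostname  # port is ignored: cookies are not port-scoped
    return host == domain if host_only else domain_match(host, domain)


API = "http://www.domain.com:8000/api/"  # API host from the answer; path is assumed

# Default Django settings: CSRF_COOKIE_DOMAIN = None, so the cookie is host-only.
default_cookie = store_cookie(API)
# The update in the answer: CSRF_COOKIE_DOMAIN = SESSION_COOKIE_DOMAIN = ".domain.com"
shared_cookie = store_cookie(API, ".domain.com")

if __name__ == "__main__":
    for page in ("http://domain.com/", "http://www.domain.com/"):
        print(page, "default:", visible_to(page, default_cookie),
              "shared:", visible_to(page, shared_cookie))
```

With the cookie domain set to ".domain.com" the session and CSRF cookies are sent to every subdomain of domain.com, so that setting is only appropriate when all of those subdomains are trusted.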