5
在AngularJS中,我在一个子域中使用了我的Restful API,但我遇到了Cookie /会话未在域间共享的问题。对于角度我这样做:AngularJS withCredentials不发送
app.config(['$httpProvider',
function($httpProvider) {
$httpProvider.defaults.useXDomain = true;
$httpProvider.defaults.withCredentials = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
}]);
此外,当我正在用$请求的HTTP我做
var object = {};
object.url = '/example'
object.withCredentials = true;
$http(object).success(object.success).error(object.error);
和我的服务器端我有:
if($_SERVER['REQUEST_METHOD']=='OPTIONS') {
if(isset($_SERVER['HTTP_X_FOWARDED_HOST']) && !empty($_SERVER['HTTP_X_FOWARDED_HOST'])) {
$origin=$_SERVER['HTTP_X_FOWARDED_HOST'];
} else {
$origin=$_SERVER['HTTP_ORIGIN'];
}
if(isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) && ($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']=='POST' || $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']=='DELETE' || $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']=='PUT')) {
header('Access-Control-Allow-Origin: '.$origin);
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers: *,X-Requested-With,Content-Type');
//header('Access-Control-Allow-Headers: Content-Type');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT');
// http://stackoverflow.com/a/7605119/578667
header('Access-Control-Max-Age: 86400');
}
}
现在我看到服务器说它会允许凭证,但它不会在选项请求中发送。下面的截图。
我在做什么错?
我有一个SSO cookie分配设置。所以我通过在会话ID检查前检查CORS Option来解决这个问题。如果是选项,则它不会运行会话ID检查SSO。否则,请使用发送的cookie。 –