如何解决Safari阻止身份验证令牌
我正在使用Apollo-Server-Express将身份验证令牌从后端传递到前端。除非禁用“阻止跨站点跟踪”选项,否则我可以在Chrome上登录,但不能在Safari上登录。
我知道Safari现在默认情况下会阻止所有第三方cookie,但是我相信我会遵循下面复制的here概述的开发者选项1。
选项1:OAuth 2.0授权,通过该授权域,身份验证域(在您的情况下为希望使用Cookie的第三方)将授权令牌转发到您使用的网站,您可以使用该网站来与服务器建立第一方登录会话设置安全和HttpOnly Cookie。
如何让Safari知道我正在遵循正确的身份验证方法?
前端:
return new ApolloClient({
uri: "https://latinconexiones-yoga-stg.herokuapp.com",request: (operation) => {
operation.setContext({
fetchOptions: {
credentials: "include",},headers,});
},
index.js
var corsOptions = {
origin: "https://latinconexiones-next-stg.herokuapp.com",credentials: true,// <-- REQUIRED backend setting
};
app.use(cors(corsOptions));
// Use express middleware to handle cookies (JWT)
app.use(cookieParser());
// decode JQT so we can get userId on each request
app.use((req,res,next) => {
const { token } = req.cookies;
if (token) {
const { userId } = jwt.verify(token,process.env.APP_SECRET);
// put user Id onto the request for future requetss to access
req.userId = userId;
}
next();
});
app.use(async (req,next) => {
// if they aren't logged in,skip this
if (!req.userId) return next();
const member = await db.query.member(
{ where: { id: req.userId } },"{ id,permissions,email,name }"
);
req.member = member;
next();
});
// start it!
server.applyMiddleware({
app,path: "/",cors: false,});
app.listen({ port: process.env.PORT },() =>
console.log(`? Server ready at http://localhost:${process.env.PORT}`)
);
登录突变
async signin(parent,{ email,password },ctx,info) {
// 1. check if member with that email exists
const member = await ctx.db.query.member({ where: { email } });
if (!member) {
throw new Error(`No member found for email ${email}`);
}
// 2. check password is correct
const valid = await bcrypt.compare(password,member.password);
if (!valid) {
throw new Error(`Invalid Password`);
}
// 3. create JWT token
const token = jwt.sign({ userId: member.id },process.env.APP_SECRET);
// 4. set the cookie
ctx.res.cookie("token",token,{
httpOnly: true,maxAge: 1000 * 60 * 60 * 24 * 365,// 1 year cookie
secure: true,sameSite: "none",});
// 5. return the member
return member;
},
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。