如何解决Express会话无法使用Nginx反向代理保存在浏览器中
我无法在浏览器中通过HTTP保存会话。以下是Nginx配置文件
Server{
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name mydomain.com www.mydomain.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
location /session{
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass "http://127.0.0.1:5000/session";
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /path/to/fullchain.pem; # managed by Certbot
ssl_certificate_key /path/to/privkey.pem; # managed by Certbot
include /path/to/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /path/to/ssl-dhparams.pem; # managed by Certbot
server {
if ($host = www.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name mydomain.com www.mydomain.com;
return 404; # managed by Certbot
}
我正在向/ session发送发布请求axios {withCredentials:true}以初始化会话,并尝试将其值记录在/ session的get请求中
请参阅下面的server.js
var express = require("express");
var app = express();
const cors = require("cors");
const session = require("express-session");
app.use(
cors({
origin: "https://mytest.netlify.app",methods: ["GET","POST","PUT","DELETE"],credentials: true,// enable set cookie
exposedHeaders: [
"Content-Disposition"
],})
);
app.enable("trust proxy",1);
//Managing sessions
let sessionOptions = {
secret: "secret",name: "name",resave: false,saveUninitialized: false,cookie: {
maxAge: 30000,secure: true,sameSite: "None",},store: new MemoryStore({
checkPeriod: 360000,}),};
app.use(session(sessionOptions));
app.post("/session",(req,res) => {
req.session.filename = "session content";
res.status(200).send("ok");
});
app.get("/session",res) => {
console.log(req.session); - unable to view req.session.filename
res.status(200).send("ok");
});
app.listen(5000,() => console.log("server started on port 5000"));
它只是记录
Session {
cookie: {
path: '/',_expires: 2020-08-18T21:56:17.823Z,originalMaxAge: 30000,httpOnly: true,sameSite: 'none'
}
}
但是我也可以查看会话,但是出现一些跨站点请求错误:
Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute
Because a cookie's SameSite attribute was not set or is invalid,it defaults to SameSite=Lax,which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests
ADDECTED RESOURCES
1 cookie
1 request - can view the session here but nothing in Application > Cookies > mydomain
Cors设置或Nginx配置文件出了点问题吗?即使设置了SameSite:None,也无法确定为什么我会收到此跨站点错误?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。