English 中文(简体)
我无法确定从答复中收到的 co。
原标题:I am unable to set the cookies received from the response

我在港口运行一个3 000个当地客座反应堆和一个4000个快车服务器。 当我提出邮局的请求时,这些厨师正在组建之中,在把厨师附属于头部之后提出的任何要求也正在成立。 但是,在React中,我正在接受复函,但在我发出另一项请求时,收到的 co子并不附属于头部。 请帮助我如何做到这一点。

我的服务器正在利用这一功能,把 co子放在对策上:

const jwt = require( jsonwebtoken );

exports.generateToken = (res, userId) => {
  const token = jwt.sign({ userId }, process.env.JWT_SECRET, {
    expiresIn:  5d ,
  });

  res.cookie( jwt , token, {
    path: / ,
    httpOnly: false,
    secure: false, 
    sameSite:  None , 
    maxAge: 5 * 24 * 60 * 60 * 1000, 
  });
};

这一功能被用于认证 co:

exports.protect = async (req, res, next) => {
  let token;
  try {
    token = req.cookies.jwt;
  } catch (error) {
    sendError(res, "Invalid Token Provided. Please Login again to continue", 401);
    createError(error, "middleware/authMiddleware.js/protect");
    return; // Stop execution here after sending the error response
  }

  const role = req.body.role || req.params.role;

  if (!token) {
    return sendError(res, "Invalid:token Please Login to Continue", 401);
  }

  try {
    const decoded = jwt.verify(token, process.env.JWT_SECRET);

    if (!isValidObjectId(decoded.userId)) {
      return sendError(res, "Unautherised Access", 401);
    }
    
    const user = await Users.findOne({_id:decoded.userId});

    if(!user) return sendError(res,"Invalid User Id Found",404);
    
    if (role !== user.role) {
      return sendError(res, "You are not authorized to access this route", 401);
    }

    if (user._id!=decoded.userId) {
      return sendError(res, "User Not Found", 404);
    }

    req.user = {
      _id: decoded.userId,
      name: user.name,
      email: user.email,
      role: user.role,
      department: user.department,
    };

    next();
  } catch (error) {
    sendError(res, "Invalid Token Provided. Please Login again to continueee", 401);
    createError(error, "middleware/authMiddleware.js/protect");
  }
};

我正在办理向浏览器发送 co子的信号路线,但并未确定:

“Screenshot

但是,在申请表上,没有发现 co子:

“Screen

我在发出这一请求时使用的是:

const handleVerifyUser = async () => {
  setName(() => "");
  setPassword(() => "");
  setDepartment(() => "");
  setEmail(() => "");
  const res = await fetch("http://localhost:4000/api/v2/verifyUser", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
    },
    credentials: "same-origin",
    withCredentials: true,

    body: JSON.stringify({
      token: otp,
    }),
  });
  const data = await res.json();
  console.log(data);
  if (data.success === true) {
    setMessage(() => data.message);
    setTimeout(() => {
      setMessage(null);
    }, 2000);
    console.log(data);
  } else {
    setMessage(() => data.message);
    setTimeout(() => {
      setMessage(null);
    }, 2000);
  }
};

我正在得到答复。

{电文:“因果: 请登录继续”}

在发出请求后,如果我看到网络把收到的厨师列为下一份申请的负责人,他就没有发出这一请求。

“Screenshot

I tried multiple times from different browsers but the cookie was not being set anywhere

问题回答

SameSite=None has specific requirements on security. Specifically, your server URL must be served over https:// and the cookie must be marked as Secure.

对于客户和服务器在同一东道名称上运行的发展环境(见 localhost),你可以使用“Lax”,这也是违约值。

res.cookie( jwt , token, {
  path:  / ,
  httpOnly: true, // ? client side JS should not have access
  secure: false,
  sameSite:  Lax ,
  maxAge: 5 * 24 * 60 * 60 * 1000,
});

For production mode, you ll need an HTTPS enabled server and SameSite=None; Secure

res.cookie( jwt , token, {
  path:  / ,
  httpOnly: true,
  secure: true,
  sameSite:  None ,
  maxAge: 5 * 24 * 60 * 60 * 1000,
});

您可以将这些内容与<代码>程序>上的核对结合起来。 NODE_ENV,使你的代码更容易在这两种环境中使用。

const isProd = process.env.NODE_ENV === "production";

res.cookie( jwt , token, {
  path:  / ,
  httpOnly: true, // ? client side JS should not have access
  secure: isProd,
  sameSite: isProd ?  None  :  Lax ,
  maxAge: 5 * 24 * 60 * 60 * 1000,
});

FYI the Request object passed to fetch() does not support a withCredentials property. Don t confuse it with XMLHttpRequest.

您要求与厨师共同申请的财产如下:

fetch(url, {
  method,
  credentials:  include , // ?
  // ...
});

XMLHttpRequest>。 是

const xhr = new XMLHttpRequest();
xhr.open(method, url);
xhr.withCredentials = true; // ?
// ...

And for Axios it is

axios({
  url,
  method,
  withCredentials: true, // ?
  // ...
});
时间:2023-11-27 22:31:12


上一篇:
下一篇:


相关问题
How to make Sequelize use singular table names

I have an model called User but Sequelize looks for the table USERS whenever I am trying to save in the DB. Does anyone know how to set Sequelize to use singular table names? Thanks.

时间:2014-01-14 13:15:50 回答:4 展示:1
What is Node.js? [closed]

I don t fully get what Node.js is all about. Maybe it s because I am mainly a web based business application developer. What is it and what is the use of it? My understanding so far is that: The ...

时间:2009-12-10 23:05:21 回答:10 展示:1
Clientside going serverside with node.js

I`ve been looking for a serverside language for some time, and python got my attention somewhat. But as I already know and love javascript, I now want learn to code on the server with js and node.js. ...

时间:2009-12-09 11:45:37 回答:3 展示:1
Can I use jQuery with Node.js?

Is it possible to use jQuery selectors/DOM manipulation on the server-side using Node.js?

时间:2009-11-26 01:54:20 回答:21 展示:1
How do I escape a string for a shell command in node?

In nodejs, the only way to execute external commands is via sys.exec(cmd). I d like to call an external command and give it data via stdin. In nodejs there does yet not appear to be a way to open a ...

时间:2009-11-22 20:21:52 回答:8 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全