Chrome浏览器忽略Set-Cookie标头的历史由来已久.这些原因中的一些被称为错误并已修复,而其他则是持久性的.它们都不容易在文档中找到.
Chrome has a long history of ignoring Set-Cookie header. Some of these reasons have been termed bugs and fixed, others are persistent. None of them are easy to find in documentation.
- 302重定向中不允许使用Set-Cookie
- 如果主机是本地主机,则不允许使用Set-Cookie
- 如果Expires超出可接受范围,则不允许使用Set-Cookie
我目前正在努力让chrome接受一个简单的会话cookie. Firefox和Safari似乎接受Set-Cookie的几乎所有符合RFC的字符串. Chrome顽固地拒绝承认Set-Cookie指令甚至是根据请求发送的(在开发者工具(网络)中不会显示).卷曲看起来很好.
I am currently struggling with getting chrome to accept a simple session cookie. Firefox and Safari seem to accept most any RFC compliant string for Set-Cookie. Chrome stubbornly refuses to acknowledge that a Set-Cookie directive was even sent on the request (does not show up in Developer Tools (Network)). curl looks fine.
那么,有没有人拥有1)跨浏览器Set-Cookie格式的现代最佳实践,或2)有关导致Chrome浏览器出现问题的更多信息?
So does anyone have either 1) modern best practices for cross-browser Set-Cookie formatting or 2) more information regarding what can cause Chrome to bork here?
谢谢.
推荐答案一件事咬住了我,但不在列表中:如果您尝试通过localhost上的HTTP设置安全cookie,Chrome会拒绝它因为您没有使用HTTPS.
One thing that has bitten me and is not on your list: if you are trying to set a secure cookie through HTTP on localhost, Chrome will reject it because you are not using HTTPS.
这种方式很有意义,但对本地发展却很烦人. (Firefox在这种情况下显然是一个例外,并允许通过localhost上的HTTP设置安全cookie).
This kind of makes sense, but is annoying for local development. (Firefox apparently makes an exception for this case and allow to set secure cookies over HTTP on localhost).
更多推荐
Chrome为什么会忽略Set
发布评论