我使用stormpath使用带有节点/快速服务器的角度webapp登录。这一切都适用于大多数现代浏览器,除了 Safari。这似乎是带有访问令牌 cookie 的东西。但是不确定这是否是一个错误。
当我登录(使用用户名并通过)时,我的 POST 请求进展顺利,如下所示:
POST /login HTTP/1.1
Host: ****api.herokuapp.com
Content-Type: application/x-www-form-urlencoded
Origin: http://app.****.com
Content-Length: 30
Connection: keep-alive
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
Referer: http://app.****.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
username=***&password=********
这一切顺利并返回此响应:
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://app.****.com
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Credentials: true
Set-Cookie: access_token=eyJraWQiOiIySUxB****unsEg; path=/; expires=Wed, 06 Jan 2016 16:01:38 GMT; httponly
Set-Cookie: refresh_token=eyJraWQiOiIySUxBNV&****LlwrlEtNhzI; path=/; expires=Sun, 06 Mar 2016 15:01:38 GMT; httponly
Date: Wed, 06 Jan 2016 15:01:38 GMT
Transfer-Encoding: chunked
Via: 1.1 vegur
在登录请求之后,我在加载路由之前对用户配置文件数据进行 /me 请求。但是,此请求返回 HTTP 401:
GET /me HTTP/1.1
Host: ****api.herokuapp.com
Origin: http://app.****.com
Connection: keep-alive
If-None-Match: W/"8c4-kH0dxMVw01EmGs/YFtZjXg"
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
Accept-Language: en-us
Referer: http://app.****.com/
Accept-Encoding: gzip, deflate
在另一个浏览器 (firefox) 中,access_token cookie 与 /me 请求一起发送。我不知道为什么 safari 不随请求一起发送 cookie。结果,该请求是未经授权的(401)。有人知道如何解决这个问题,还是 Stormpath 中的错误