0

==== 问题已解决 ====

下面描述的问题是由于未在底层 xhr 请求对象上正确设置属性“withCredentials”引起的。从下面给出的请求和响应的跟踪中我们看不到这一点。

对于 Purescript 用户:Affjax 库便利函数(put、get 等)依赖于将这个属性设置为 false 的 defaultRequest 对象。

=========================

在下面给出的请求和响应场景中,浏览器首先进行身份验证,然后尝试在 Couchdb 中创建数据库。

源位于http://127.0.0.1,服务器位于http://127.0.0.1:5984,因此请求被认为是跨域的。

这将失败并显示错误,指示客户端未通过身份验证。然而,就服务器而言,客户端是经过身份验证的:它发送一个 AuthSession cookie。问题是浏览器不会在数据库创建请求中返回该 cookie。事实上,我无法通过任何 Chrome 界面找到 cookie:它没有被存储。

我完全不知道为什么。我检查了 CORS 规范(https://www.w3.org/TR/cors/#resource-sharing-check-0),据我所知,所有接受 cookie 的要求都得到了满足。请求的源域是http://127.0.0.1,该域在 Access-Control-Allow-Origin 标头的内容中。请求的标头位于 Access-Control-Allow-Headers 标头的内容中。Access-Control-Allow-Credentials 为“真”。

对 COUCHDB 的飞行前身份验证请求

OPTIONS /_session HTTP/1.1
Host: 127.0.0.1:5984
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7

回复

HTTP/1.1 204 No Content
X-CouchDB-Body-Time: 0
X-Couch-Request-ID: a307303b47
Server: CouchDB/2.1.1 (Erlang OTP/19)
Date: Wed, 28 Feb 2018 08:28:07 GMT
Content-Length: 0
Access-Control-Max-Age: 600
Access-Control-Allow-Origin: http://127.0.0.1
Access-Control-Allow-Methods: GET, PUT, POST, HEAD, DELETE, OPTIONS
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Credentials: true

实际身份验证请求

POST /_session HTTP/1.1
Host: 127.0.0.1:5984
Connection: keep-alive
Content-Length: 35
Pragma: no-cache
Cache-Control: no-cache
Origin: http://127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Content-Type: application/json
Accept: */*
Referer: http://127.0.0.1/dist/index.html?user=cor&password=geheim
Accept-Encoding: gzip, deflate, br
Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7

回复

HTTP/1.1 200 OK
Set-Cookie: AuthSession=YWRtaW46NUE5NjY4MTc6DBUWBuYmEGnyuJvrpic7Z6DEiko; Version=1; Path=/; HttpOnly
Server: CouchDB/2.1.1 (Erlang OTP/19)
Date: Wed, 28 Feb 2018 08:28:07 GMT
Content-Type: application/json
Content-Length: 46
Cache-Control: must-revalidate
Access-Control-Expose-Headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time
Access-Control-Allow-Origin: http://127.0.0.1
Access-Control-Allow-Credentials: true

在 COUCHDB 中创建数据库的预检请求

OPTIONS /_node/couchdb@localhost/_config/admins/cor HTTP/1.1
Host: 127.0.0.1:5984
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: PUT
Origin: http://127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7

回复

HTTP/1.1 204 No Content
X-CouchDB-Body-Time: 0
X-Couch-Request-ID: bd94200e3e
Server: CouchDB/2.1.1 (Erlang OTP/19)
Date: Wed, 28 Feb 2018 08:28:07 GMT
Content-Length: 0
Access-Control-Max-Age: 600
Access-Control-Allow-Origin: http://127.0.0.1
Access-Control-Allow-Methods: GET, PUT, POST, HEAD, DELETE, OPTIONS
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Credentials: true

实际要求

PUT /_node/couchdb@localhost/_config/admins/cor HTTP/1.1
Host: 127.0.0.1:5984
Connection: keep-alive
Content-Length: 8
Pragma: no-cache
Cache-Control: no-cache
Origin: http://127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Content-Type: application/json
Accept: */*
Referer: http://127.0.0.1/dist/index.html?user=cor&password=geheim
Accept-Encoding: gzip, deflate, br
Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7

回复

HTTP/1.1 401 Unauthorized
X-CouchDB-Body-Time: 0
X-Couch-Request-ID: 6eabdacc77
Server: CouchDB/2.1.1 (Erlang OTP/19)
Date: Wed, 28 Feb 2018 08:28:07 GMT
Content-Type: application/json
Content-Length: 64
Connection: close
Cache-Control: must-revalidate
Access-Control-Expose-Headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time
Access-Control-Allow-Origin: http://127.0.0.1
Access-Control-Allow-Credentials: true
4

1 回答 1

1

下面描述的问题是由于未在底层 xhr 请求对象上正确设置属性“withCredentials”引起的。从下面给出的请求和响应的跟踪中我们看不到这一点。

对于 Purescript 用户:Affjax 库便利函数(put、get 等)依赖于将这个属性设置为 false 的 defaultRequest 对象。

于 2018-02-28T20:37:52.903 回答