Answer the question
In order to leave comments, you need to log in
Q
Q
QFCFC2019-04-17 23:01:24
QFCFC, 2019-04-17 23:01:24
Why isn't the Set-Cookie header coming?
There are two applications: client and server. Both lie on different domains (in my case - on different ports).
The client (JavaScript application), using axios, makes the following request:
axios.get(API.getUserData(), {withCredentials: true}).then(response => {
if (response.status === 200) {
console.log('Получены данные пользователя: ' + response.data);
}
}).catch(exception => {
console.log('Ошибка доступа к серверу');
console.log('Детали ошибки: ' + exception.toString());
});The request goes to another domain, I remind you.
The server (Tomcat, java application) makes the response like this:
//начало метода
response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "http://localhost:2323"); //Адрес клиента
response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET");
response.addHeader(HttpHeaders.SET_COOKIE, "token=" + getStringToken());
response.setStatus(200);
//установка тела ответа и возврат результатаAs a result, the cross-domain request passes, the client receives all the necessary information in the response body and all headers, except for Set-Cookie. What could be the problem?
2 answer(s)
@megafax
@Lynn
V
Vladimir Skibin, 2019-04-17 @megafax
Access-Control-Allow-Headers: ...Set-Cookie...
Where do you have it?
L
Lynn "Coffee Man", 2019-04-17 @Lynn
It comes, but it cannot be accessed from JS, because the Set-Cookie header is on the blocked list.
https://developer.mozilla.org/en-US/docs/Web/API/H...
https://developer.mozilla.org/en-US/docs/Glossary/...
Similar questions
X
R
S
T
thatmaniscool2022-01-16 20:49:49
Is it possible to override a Java 11 anonymous class method?
2Reply
F
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question