Nearly two months have no diary, led nearly a month pig like life, eat sleep sleep eat every day, also do not study. In the past two weeks, I worked at home and encountered some problems in the debugging background to inject cookies. Please record it.

Let’s forget about the cross-domain thing. Let’s talk about the small details. If the server is set to ‘access-Control-allow-origin ‘: ‘*’, no cross-domain error will be reported.

When the withCredentials set to true, the withCredentials set to true.

The value cannot be a wildcard asterisk (*).

Access-control-allow-origin must be configured with the full address, HTTP must be configured with the port, and cookies must be allowed in the background. Access-control-allow-credentials must be configured with true.

At this time, the problem comes. At the beginning, the Node interface I wrote and the interface WRITTEN by the background can inject cookies. When I request the background interface to inject cookies, the reason is that when they test, they are the local IP, so it is easy to inject cookies directly. In the case of the same IP address, enabled to carry cookies, injection is very simple.

Because of the separation of the front and back ends, there is no problem in deployment. When the IP is local, there will be no cookie injection. If the domain is configured, it cannot be injected.

Later, it was learned that different IP can not be directly injected into cookies by the background, and cookies can not be injected between different domain names. For example, Baidu cannot inject cookies into JINGdong. They all know that the cookies of the subdomain names under the same domain name are shared. For example, cookies are shared between c.xx.com and B.xx.com.

Therefore, I configured two IP addresses for the local host: 31.xx.com was used as the domain name for my local project startup, and 31 was my local IP. Multiple developers can set one by themselves, as long as xx.com is the same.

Interface set a domain name, for example, the requested interface address is http://192.168.164.25, then set 192.168.164.25b.xx.com, and directly request the address: http:// b.xx.com: 8080 / test/getInfo domain is set to make the background. Finally, xx.com, when such development can be injected into a cookie. Note that the path had better be set to /, as well as the front-end setcookie, otherwise the default injected path is the current page, other pages will not get cookies.

In order to enable the server to inject cookies, you need to enable the withCredentials function for both the foreground and background. After enabling the withCredentials function, you need to enable the withCredentials function for cross-domain headers. If the headers are complete addresses, you cannot inject cookies between different IP domain names. The publishing network can publish services with the same domain name or subdomain name. Local development can be developed by configuring the host domain name pointing to.

At the beginning of the debugging quite a long time, there are many different errors, today it is impossible to reproduce, just record my solution, I can not guarantee that this is the case.