使用自訂標頭從一個網域重定向到另一個域由於HTTP 協定限制,無法在回應中設定cookie 或cookie。重定向本質上由與回應關聯的標頭(位置)組成,並且不允許將任何標頭添加到目標位置。
也不允許為不同的網域設定 cookie,因為它會構成重大安全風險。瀏覽器使用 Set-Cookie 標頭儲存伺服器傳送的 cookie 和回應,然後將它們傳送回伺服器以向相同網域中的相同伺服器發出請求。 Cookie 不會傳送到不同的網域。
一種方法是讓源域將使用者重新導向到目標域作為查詢參數傳遞的存取令牌。然後,目標網域可以讀取令牌並設定自己的 cookie,瀏覽器將儲存該 cookie 並將其發送以供後續請求。
源域(appA.py)
<code class="python">from fastapi import FastAPI, Response from fastapi.responses import RedirectResponse, HTMLResponse app = FastAPI() @app.get('/', response_class=HTMLResponse) def home(): return ''' <!DOCTYPE html> <html> <body> <h2>Click the "submit" button to be redirected to domain B</h2> <form method="POST" action="/submit"> <input type="submit" value="Submit"> </form> </body> </html> ''' @app.post('/submit') def submit(): token = 'MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3' redirect_url = f'http://example.test:8001/submit?token={token}' response = RedirectResponse(redirect_url) response.set_cookie(key='access-token', value=token, httponly=True) return response</code>
目標域(appB.py)
<code class="python">from fastapi import FastAPI, Request, status from fastapi.responses import RedirectResponse, HTMLResponse app = FastAPI() @app.get('/', response_class=HTMLResponse) def home(): token = request.cookies.get('access-token') print(token) return 'You have been successfully redirected to domain B!' \ f' Your access token ends with: {token[-4:]}' @app.post('/submit') def submit(request: Request, token: str): redirect_url = request.url_for('home') response = RedirectResponse(redirect_url, status_code=status.HTTP_303_SEE_OTHER) response.set_cookie(key='access-token', value=token, httponly=True) return response</code>
<code class="python">from fastapi import FastAPI, Response from fastapi.responses import HTMLResponse app = FastAPI() @app.get('/', response_class=HTMLResponse) def home(): return ''' <!DOCTYPE html> <html> <body> <h2>Click the "submit" button to be redirected to domain B</h2> <input type="button" value="Submit" onclick="submit()"> <script> function submit() { fetch('/submit', { method: 'POST', }) .then(res => { authHeader = res.headers.get('Authorization'); if (authHeader.startsWith("Bearer ")) token = authHeader.substring(7, authHeader.length); return res.text(); }) .then(data => { var url = 'http://example.test:8001/submit?token=' + encodeURIComponent(token); var img = document.createElement('img'); img.style = 'display:none'; img.crossOrigin = 'use-credentials'; img.onerror = function(){ window.location.href = 'http://example.test:8001/'; } img.src = url; }) .catch(error => { console.error(error); }); } </script> </body> </html> ''' @app.post('/submit') def submit(): token = 'MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3' headers = {'Authorization': f'Bearer {token}'} response = Response('success', headers=headers) response.set_cookie(key='access-token', value=token, httponly=True) return response</code>
另一種方法涉及使用 Window. postMessage() 用於跨來源通訊。源域將令牌傳送到目標網域,目標網域將其儲存在 localStorage 中並設定 cookie。缺點包括瀏覽器相容性和敏感資料儲存在 localStorage 中。
<code class="python">from fastapi import FastAPI, Request, Response from fastapi.responses import RedirectResponse from fastapi.middleware.cors import CORSMiddleware app = FastAPI() origins = ['http://localhost:8000', 'http://127.0.0.1:8000', 'https://localhost:8000', 'https://127.0.0.1:8000'] app.add_middleware( CORSMiddleware, allow_origins=origins, allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) @app.get('/') def home(request: Request): token = request.cookies.get('access-token') print(token) return 'You have been successfully redirected to domain B!' \ f' Your access token ends with: {token[-4:]}' @app.get('/submit') def submit(request: Request, token: str): response = Response('success') response.set_cookie(key='access-token', value=token, samesite='none', secure=True, httponly=True) return response</code>
以上是如何在 HTTP 網域之間使用 Cookie 和標頭進行重新導向?的詳細內容。更多資訊請關注PHP中文網其他相關文章!