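While working on a Zheliban (浙里办) application, I was stuck on a cross-origin problem for several days. I read a lot of articles online; most of them solve the cross-origin problem itself, but none of them solve the problem of the SessionId not being preserved.
First, two steps to solve the cross-origin problem:
1. Set withCredentials to true when calling with Axios:
2. Allow cross-origin requests on the server:
allowed-origins="*" // Some articles say this cannot be set to an asterisk and must match the caller's domain; in my testing it did not seem to matter.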
allowed-methods="POST, GET, OPTIONS, DELETE, PUT"
allowed-headers="Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
allow-credentials="true"
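After these two steps, cross-origin calls to the API should work, but the SessionId changes on every call. While debugging in Chrome, I noticed a yellow warning icon in the Set-Cookie row, with the following message: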
This Set-Cookie didn't specify a "SameSite" attribute, was defaulted to "SameSite=Lax", and was blocked because it came from a cross-site response which was not the response to a top-level navigation. This response is considered cross-site because the URL has a different scheme than the current site.
3. This is where the next step comes in: edit the nginx.conf file and add: proxy_cookie_path / "/; httponly; secure; SameSite=None";
Tested and working.
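The conditions a browser enforces on a credentialed cross-site call can be checked against the response headers a server actually sends. The following is an added example, not code from the original post; the function names, origin and header values are constructed for illustration.

```javascript
// Added example; names and sample headers are constructed for illustration.

// Parse one Set-Cookie value into its name and a map of lowercase attributes.
function parseSetCookie(value) {
  const [pair, ...rest] = value.split(';').map(s => s.trim()).filter(Boolean);
  const attrs = {};
  for (const part of rest) {
    const eq = part.indexOf('=');
    const key = (eq === -1 ? part : part.slice(0, eq)).toLowerCase();
    attrs[key] = eq === -1 ? true : part.slice(eq + 1);
  }
  return { name: pair.split('=')[0], attrs };
}

// List the reasons a browser would hide the response from the caller or
// refuse the session cookie on a cross-site request made with withCredentials.
// Pass the headers actually sent: some frameworks answer a "*" setting by
// echoing the request's Origin header instead of sending a literal "*".
function auditCrossSiteSession(pageOrigin, headers) {
  const problems = [];
  const acao = headers['access-control-allow-origin'];
  if (acao === '*') problems.push('ACAO "*" is rejected for credentialed requests');
  else if (acao !== pageOrigin) problems.push('ACAO does not match the calling origin');
  if (headers['access-control-allow-credentials'] !== 'true')
    problems.push('Access-Control-Allow-Credentials is not "true"');
  for (const raw of headers['set-cookie'] || []) {
    const { name, attrs } = parseSetCookie(raw);
    const sameSite = String(attrs.samesite || 'Lax').toLowerCase();
    if (sameSite !== 'none') problems.push(`${name}: SameSite=${sameSite} blocks cross-site use`);
    else if (!attrs.secure) problems.push(`${name}: SameSite=None requires Secure`);
  }
  return problems;
}

// Constructed responses: the upstream cookie as issued, then the same cookie
// after nginx applied the proxy_cookie_path rewrite from step 3.
const ORIGIN = 'https://app.example';
const cors = { 'access-control-allow-origin': ORIGIN, 'access-control-allow-credentials': 'true' };
const before = { ...cors, 'set-cookie': ['JSESSIONID=abc123; Path=/; HttpOnly'] };
const after = { ...cors, 'set-cookie': ['JSESSIONID=abc123; Path=/; httponly; secure; SameSite=None; HttpOnly'] };
const wildcard = { ...after, 'access-control-allow-origin': '*' };

console.log(auditCrossSiteSession(ORIGIN, before));
console.log(auditCrossSiteSession(ORIGIN, after));
console.log(auditCrossSiteSession(ORIGIN, wildcard));
```

Because SameSite=None is only accepted together with Secure, the rewritten cookie is stored only when the API is served over HTTPS.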