post测没啥问题
http://localhost:8087/accredit
cookie中什么都没有,什么情况?
1、1问题排查
cors跨域请求cookie生效的条件有三个:
1、addAllowedOrigin 必须填写具体的域名,不能写 *
2、setAllowCredentials(true); 允许发送cookie
3、addAllowedMethod 设置允许的方法
并没什么问题:
package com.leyou.gateway.config;
/**
 * Gateway-wide CORS configuration that lets the two front-end origins send
 * credentialed (cookie-carrying) cross-origin requests.
 */
@Configuration
public class GlobalCorsConfig {

    /**
     * Builds the CORS filter from a single policy registered for all request paths.
     *
     * @return a {@link CorsFilter} backed by the policy configured below
     */
    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration corsPolicy = new CorsConfiguration();

        // Origins are listed explicitly rather than as "*": with a wildcard origin
        // the cookie could no longer be used.
        // NOTE(review): both origins are plain http; confirm whether https origins
        // are expected outside of local development.
        corsPolicy.addAllowedOrigin("http://manage.leyou.com");
        corsPolicy.addAllowedOrigin("http://www.leyou.com");

        // Allow cookies to be sent with cross-origin requests.
        corsPolicy.setAllowCredentials(true);

        // Permitted request methods, registered in the same order as before.
        for (String httpMethod : new String[] {"OPTIONS", "HEAD", "GET", "PUT", "POST", "DELETE", "PATCH"}) {
            corsPolicy.addAllowedMethod(httpMethod);
        }

        // Every request header is accepted.
        corsPolicy.addAllowedHeader("*");

        // Apply the policy to every path handled by the gateway.
        UrlBasedCorsConfigurationSource pathSource = new UrlBasedCorsConfigurationSource();
        pathSource.registerCorsConfiguration("/**", corsPolicy);

        return new CorsFilter(pathSource);
    }
}
1、2问题排查
前端页面设置也没什么问题,这说明问题出现在header中了、
// Shared axios defaults for the front end: API base URL, a 5000 ms timeout,
// and withCredentials so that cookies accompany cross-origin requests.
// withCredentials only takes effect when the server answers with a specific
// allowed origin and allows credentials (see the gateway CORS configuration).
Object.assign(axios.defaults, {
  baseURL: "http://api.leyou.com/api",
  timeout: 5000,
  withCredentials: true,
});
1、3问题排查
查看上面测试是没什么问题的,但是需要使用ip来测
Set-Cookie →LY_TOKEN=eyJhbGciOiJSUzI1NiJ9.eyJpZCI6MjksInVzZX
JuYW1lIjoiaGVpbWE1MSIsImV4cCI6MTU0NTkyMjA4MX0.UmPL7a_CN1hJUPnUAVub47TnQ9c
4P90ptApzghCqWjR0ObiBPD2YEe7_7Qq5-
qkcfZiJJlHPfrLiIAiHmI
1UE89mxJluqZxq3kEuZW4seyC5Cm6eAGSmDbQ-tU6heGWTzVgjEYF6sI4TBKwc2skFj_CxAbTWDegHWa6BJCQW6po;
Max-Age=1800; Expires=Thu, 27-Dec-2018 14:48:02 GMT; Domain=localhost; Path=/; HttpOnly
http://127.0.0.1:8087/accredit
使用debug跟进来、查看
发现变化0.0.1 ,所以禁止转发地址、
nginx设置 proxy_set_header Host $host;
网关设置add-host-header、因为Zuul 还有一次转发 /auth/**
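zuul:
  ignored-services:
    - upload-service # exclude upload-service from gateway routing
  prefix: /api # prefix added in front of every route
  retryable: true
  routes:
    item-service: /item/** # map the item microservice to /item/**
    search-service: /search/**
    user-service: /user/**
    auth-service: /auth/**
  # Keep the original Host header on Zuul's own forwarding hop (e.g. to /auth/**).
  # NOTE(review): downstream services then see the client-facing Host value; if the
  # cookie Domain is derived from it, check it against the expected domains.
  add-host-header: true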
另外,还有一个问题可能引起,那就是Zuul版本冲突、或者Zuul版本bug
<!-- Explicit version pin for the Zuul module. The article suspects a Zuul version
     conflict or bug as a possible cause, so confirm this version matches the
     Spring Cloud release used by the rest of the project. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-netflix-zuul</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
再次测试:
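仍然测不出来,DEBUG 也看不到 cookie;只有把敏感头(sensitive-headers)设置为空之后,cookie 才能够出来。原因是 Zuul 默认把 Cookie、Set-Cookie、Authorization 视为敏感头而不转发(见下面的 ZuulProperties 源码)。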
Zuul 网关yml 文件配置添加
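zuul:
  # An empty value replaces the default sensitive-header set
  # (Cookie, Set-Cookie, Authorization), so Set-Cookie from the auth service
  # is no longer withheld by the gateway.
  # NOTE(review): this global setting applies to every route, so Cookie and
  # Authorization are also relayed to all other downstream services. If only the
  # auth route needs it, consider the per-route sensitive-headers setting
  # (route declared in expanded form) instead.
  sensitive-headers: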
查看下源码:
ZuulProxyAutoConfiguration extends ZuulServerAutoConfiguration
/**
 * Excerpt of the Zuul proxy auto-configuration; only the routing filter bean is
 * shown, other members are elided.
 */
@Configuration
@Import({RestClientRibbonConfiguration.class, OkHttpRibbonConfiguration.class, HttpClientRibbonConfiguration.class, HttpClientConfiguration.class})
@ConditionalOnBean({Marker.class})
public class ZuulProxyAutoConfiguration extends ZuulServerAutoConfiguration {
    // ... other members elided ...

    /**
     * Registers the {@link RibbonRoutingFilter} unless a bean of that type is
     * already defined.
     *
     * @param helper               request helper handed to the filter
     * @param ribbonCommandFactory factory handed to the filter
     * @return the routing filter, built with this configuration's request customizers
     */
    @Bean
    @ConditionalOnMissingBean({RibbonRoutingFilter.class})
    public RibbonRoutingFilter ribbonRoutingFilter(ProxyRequestHelper helper, RibbonCommandFactory<?> ribbonCommandFactory) {
        return new RibbonRoutingFilter(helper, ribbonCommandFactory, this.requestCustomizers);
    }

    // ... other members elided ...
}
查看配置类:ZuulProperties
/**
 * Properties bound from the {@code zuul} configuration prefix (excerpt; other
 * members are elided).
 */
@ConfigurationProperties("zuul")
public class ZuulProperties {
    // ... other members elided ...
    private Set<String> ignoredServices = new LinkedHashSet<>();
    private Set<String> ignoredPatterns = new LinkedHashSet<>();
    private Set<String> ignoredHeaders = new LinkedHashSet<>();
    // Defaults to Cookie, Set-Cookie and Authorization. The article observes that
    // Set-Cookie only reaches the browser once zuul.sensitive-headers is set to an
    // empty value, i.e. once this default is overridden.
    private Set<String> sensitiveHeaders = new LinkedHashSet<>(Arrays.asList("Cookie", "Set-Cookie", "Authorization"));
    // ... other members elided ...

    /**
     * Returns a copy of the configured ignored headers, extended with
     * {@code SECURITY_HEADERS} when all of the following hold: the Spring Security
     * {@code WebSecurityConfigurer} class is present, the copy shares no entry
     * with {@code SECURITY_HEADERS}, and {@code ignoreSecurityHeaders} is set.
     *
     * @return a new set; changes to it do not affect the stored configuration
     */
    public Set<String> getIgnoredHeaders() {
        Set<String> effective = new LinkedHashSet<>(this.ignoredHeaders);

        // Without Spring Security on the classpath nothing is added.
        if (!ClassUtils.isPresent("org.springframework.security.config.annotation.web.WebSecurityConfigurer", (ClassLoader) null)) {
            return effective;
        }

        if (Collections.disjoint(effective, SECURITY_HEADERS) && this.ignoreSecurityHeaders) {
            effective.addAll(SECURITY_HEADERS);
        }
        return effective;
    }
    // ... other members elided ...
}