cookie all in one

credentials: "include"

https://developers.google.com/web/updates/2015/03/introduction-to-fetch

why & solution

cookie & Fetch & credentials

https://github.com/github/fetch#sending-cookies

https://github.com/github/fetch#receiving-cookies

https://github.com/github/fetch#read-this-first

https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name



Set-Cookie & Secure & HttpOnly & SameSite

HTTP/Headers/Set-Cookie

Set-Cookie

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie


https

https://stackoverflow.com/questions/37234687/how-to-set-cookie-secure-flag-using-javascript

cookie


document.cookie = "testCookie=javascript2050; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/;domain=.cnblogs.com;Secure;";
// "testCookie=javascript2050; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/;domain=.cnblogs.com;Secure; document.cookie;;
// "testCookie=javascript2050"

HttpOnly

A HttpOnly cookie means that it's not available to scripting languages like JavaScript.

https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript

https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript/14691716#14691716

https://github.com/js-cookie/js-cookie/issues/344

SameSite

https://stackoverflow.com/questions/50361460/samesite-cookie-attribute-not-being-set-using-javascript



cookie

不支持 fill:// 协议,无法写 cookie!

一次只能写一个?

http://javascript.ruanyifeng.com/bom/cookie.html

逗号进行转义? 瞎扯


document.cookie = 'jwt=aaa.bbb.ccc';
// "jwt=aaa.bbb.ccc"
document.cookie;


http only & path & expires


// document.cookie = ".test=javascript2020;Expires=Wed, 21 Oct 2020 07:28:00 GMT;path=/;domain=www.cnblogs.com";

document.cookie = ".test=javascript2020;Expires=Wed, 21 Oct 2020 07:28:00 GMT;path=/;domain=cnblogs.com";

// ".test=javascript2020;Expires=Wed, 21 Oct 2020 07:28:00 GMT;path=/;domain=www.cnblogs.com"

document.cookie;


https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

Request & header

https://developer.mozilla.org/en-US/docs/Glossary/Request_header

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

???

cookie


new headers({})

https://davidwalsh.name/fetch

https://stackoverflow.com/questions/35733138/send-cookie-in-http-post-request-in-javascript



const fetchJSON = (url = ``) => {
let headers = new Headers({
"Content-Type": "application/json; charset=utf-8;",
"cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",
"Set-Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",
});
return fetch(url, {
// method: "POST",
method: "GET",
mode: "no-cors",
headers: headers,
})
.then(res => res.json())
.then(
(json) => {
return json;
}
)
.catch(err => console.log(`fetch error`, err));
};


"use strict"; /**
*
* @author xgqfrms
* @license MIT
* @copyright cookie
* @description
* @augments
* @example
*
*/
const = ( = ``, debug = false) => {
// do something...
return ;
};
const commments = {
"commentId":3997788,
"voteType":"Digg"
}; const url = "https://www.cnblogs.com/mvc/vote/VoteComment.aspx"; // https://www.cnblogs.com/mvc/vote/VoteBlogPost.aspx // blog = {
// "blogApp": "xgqfrms",
// "postId": 9178897,
// "voteType": "Digg",
// "isAbandoned": false
// }; fetch(url, {
method: "POST",
headers: {
"Accept": "application/json",
"Content-Type": "application/json",
"Cache": "no-cache"
},
credentials: "same-origin",
body: JSON.stringify(commments),
});


bug

前端如果不设置 credentials, 字段,后端无法写入 cookie(Set-Cookie), 前端无法发送 cookie ???

conclusion

  1. cookie 必须同源, domain 不许一致。

  2. 前端如果不设置 credentials, 字段, 前端无法发送 cookie !

  3. 后端无法写入 cookie(Set-Cookie) ???


credentials: "include",

const fetchJSON = (url = ``, data = {}) => {
// let headers = new Headers({
// "Content-Type": "application/json; charset=utf-8;",
// "cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",
// "Set-Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",
// });
return fetch(url, {
// method: "POST",
method: "GET",
mode: "no-cors",
credentials: "include",
// credentials: "same-origin",
headers: {
"Accept": "application/json; charset=utf-8;",
"Content-Type": "application/json; charset=utf-8;",
"Cache": "no-cache",
// "Set-Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss",
// "XYZ": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss",
// "Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",
// "Set-Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",
// "Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; HttpOnly;",
// Secure; & cookie只会被https传输 (boolean或null)。
},
// body: JSON.stringify({
// user_name: "admin",
// password: "admin",
// }),
// headers: new Headers({
// "Content-Type": "application/json; charset=utf-8;",
// "cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",
// "Set-Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",
// }),
})
// .then(res => res.json())
.then(
(json) => {
return json;
}
)
.catch(err => console.log(`fetch error`, err));
};


# cookie Generator > cookieGenerator(); ```js /**
*
* @author xgqfrms
* @license MIT
* @copyright xgqfrms
*
* @description cookieGenerator
*
* @param {String} name cookie name
* @param {String} value cookie value
* @param {Number} days
* @param {String} path
* @param {String} domain
* @param {String} HttpOnly (JavaScript absolutely no API available to get/set the HttpOnly attribute of the cookie!)
* @param {Boolean} Secure
* @param {ENUM} SameSite=Lax / SameSite=Strict (This is an attribute that can only be set by server (like HttpOnly) in response cookies it sends to browser.)
*
*/ const cookieGenerator = (
options = {
name: "testCookie",
value: "testcookie",
days: 0,
path: "/",
domain: window.parent.document.domain,
// HttpOnly: false,
Secure: false
}) => {
let {
name,
value,
days,
path,
domain,
// HttpOnly,
secure
} = options;
let result = ``,
expires = ``,
date = new Date();
date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
expires = date.toUTCString();
result = `${name}=${value}; Expires=${expires}; Path=${path}; Domain=${domain};`;
// if (httponly) {
// result += `Http;`;
// result += `HttpOnly;`;
// }
if (secure) {
result += `Secure;`;
}
// document.cookie = result;
return result;
};



xgqfrms 2012-2020

www.cnblogs.com 发布文章使用:只允许注册用户才可以访问!


cookie all in one的更多相关文章

  1. 超大 Cookie 拒绝服务攻击

    有没有想过,如果网站的 Cookie 特别多特别大,会发生什么情况? 不多说,马上来试验一下: for (i = 0; i < 20; i++) document.cookie = i + '= ...

  2. IE10、IE11 User-Agent 导致的 ASP.Net 网站无法写入Cookie 问题

    你是否遇到过当使用一个涉及到Cookie操作的网站或者管理系统时,IE 6.7.8.9下都跑的好好的,唯独到了IE10.11这些高版本浏览器就不行了?好吧,这个问题码农连续2天内遇到了2次.那么,我们 ...

  3. 解决cookie跨域访问

    一.前言 随着项目模块越来越多,很多模块现在都是独立部署.模块之间的交流有时可能会通过cookie来完成.比如说门户和应用,分别部署在不同的机器或者web容器中,假如用户登陆之后会在浏览器客户端写入c ...

  4. jquery插件的用法之cookie 插件

    一.使用cookie 插件 插件官方网站下载地址:http://plugins.jquery.com/cookie/ cookie 插件的用法比较简单,直接粘贴下面代码示例: //生成一个cookie ...

  5. 一个诡异的COOKIE问题

    今天下午,发现本地的测试环境突然跑不动了,thinkphp直接跑到异常页面,按照正常的排错思路,直接看thinkphp的log 有一条 [ error ] [2]setcookie() expects ...

  6. [转载]Cookie/Session的机制与安全

    Cookie和Session是为了在无状态的HTTP协议之上维护会话状态,使得服务器可以知道当前是和哪个客户在打交道.本文来详细讨论Cookie和Session的实现机制,以及其中涉及的安全问题. 因 ...

  7. jquery.cookie的使用

    今天想到了要为自己的影像日记增加赞的功能,并且需要用到cookie. 记得原生的js操作cookie也不是很麻烦的,但似乎jquery更简单,不过相比原生js,需要额外引入2个文件,似乎又不是很好,但 ...

  8. 跨域问题,前端主动向后台发送cookie

    跨域是什么? 从一个域名的网页访问另一个域名的资源,就会出现跨域.只要协议.端口.域名有一个不同就会出现跨域 例如: 1.协议不同  http://www.baidu.com:80 和 https:/ ...

  9. 【流量劫持】沉默中的狂怒 —— Cookie 大喷发

    精简版:http://www.cnblogs.com/index-html/p/mitm-cookie-crack.html 前言 上一篇文章 讲解了如何借助前端技术,打造一个比 SSLStrip 更 ...

  10. 好好了解一下Cookie

    Cookie的诞生 由于HTTP协议是无状态的,而服务器端的业务必须是要有状态的.Cookie诞生的最初目的是为了存储web中的状态信息,以方便服务器端使用.比如判断用户是否是第一次访问网站.目前最新 ...

随机推荐

  1. JMeter联机负载及问题解决

    主控制机:存放JMeter脚本的机器叫做主控制机 负载机:被连接并用来运行脚本的机器叫做负载机 操作步骤: 1.修改主控制机上,JMeter安装目录bin目录下的JMeter.properties文件 ...

  2. 网络Devops探索与实践 流程管理分析师

    https://mp.weixin.qq.com/s/OKLiDi78uB8ZkPG2kUVxvA 网络Devops探索与实践 王镇 鹅厂网事 2020-09-23  9月16日举办的2020 ODC ...

  3. liux 常用操作命令

    tail -f /home/jyapp/apache-tomcat-7.0.59/logs/catalina.out  //查看实施日志 //删除临时目录并且启动服务器 rm -rf /home/jy ...

  4. Pytest(11)allure报告

    前言 allure是一个report框架,支持java的Junit/testng等框架,当然也可以支持python的pytest框架,也可以集成到Jenkins上展示高大上的报告界面. mac环境: ...

  5. Luogu T9376 区间GCD

    题目背景 无 题目描述 给定一长度为n的动态序列,请编写一种数据结构,要求支持m次操作,包括查询序列中一闭区间中所有数的GCD,与对一闭区间中所有数加上或减去一个值. 输入输出格式 输入格式: 第1行 ...

  6. hdu3577 Fast Arrangement

    Problem Description Chinese always have the railway tickets problem because of its' huge amount of p ...

  7. POJ 2594 Treasure Exploration 最小可相交路径覆盖

    最小路径覆盖 DAG的最小可相交路径覆盖: 算法:先用floyd求出原图的传递闭包,即如果a到b有路径,那么就加边a->b.然后就转化成了最小不相交路径覆盖问题. 这里解释一下floyd的作用如 ...

  8. HDU-3081-Marriage Match II 二分图匹配+并查集 OR 二分+最大流

    二分+最大流: 1 //题目大意:有编号为1~n的女生和1~n的男生配对 2 // 3 //首先输入m组,a,b表示编号为a的女生没有和编号为b的男生吵过架 4 // 5 //然后输入f组,c,d表示 ...

  9. 开源RPA软件试用

      优点 缺点 其它 Robot Framework 可视化界面 运行环境搭建复杂,依赖较多 操作复杂 倾向于自动化测试 TagUI 浏览器支持好 官方文档详细 命令行操作 非浏览器程序支持一般   ...

  10. CQRS+Event Sourcing

    using System; using System.Collections.Generic; using System.Linq; namespace CQRS { public class Eve ...