发了两个请求
第一个是这样的:
`GET /getCSRFToken HTTP/1.1
Host: localhost:7001
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/plain, /
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
X-Custom-Header: dolphinFrontend
Origin: http://localhost:8080
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7,ar;q=0.6`
返回了:
`HTTP/1.1 200 OK
set-cookie: csrfToken=pEf-u_cZN7ukwtVu4n2a2260; path=/
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Allow-Headers: Content-Type, Content-Length, Authorization, Accept, X-Requested-With, X-Custom-Header
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,PATCH
Access-Control-Allow-Credentials: true
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-readtime: 1
keep-alive: timeout=5
content-length: 51
Date: Mon, 12 Oct 2020 01:37:00 GMT
Connection: keep-alive`
第二个是这样的:
`POST /user/login?_csrf=Infinity HTTP/1.1
Host: localhost:7001
Connection: keep-alive
Content-Length: 138
Accept: application/json, text/plain, /
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
X-Custom-Header: dolphinFrontend
Content-Type: application/json;charset=UTF-8
Origin: http://localhost:8080
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7,ar;q=0.6
Cookie: DSESSIONID=eyJpZCI6MSwidXNlcklkIjoxLCJfZXhwaXJlIjoxNjA1MDU4MTQ0MTM2LCJfbWF4QWdlIjoyNTkyMDAwMDAwfQ==; DSESSIONID.sig=hij8zHCFj22aTWX1XNs3Odbv2BgFkF3dYgnbFRLkc5I`
返回了:
`HTTP/1.1 403 Forbidden
set-cookie: csrfToken=IX77SFzirlbGCtFDuAjGuQ4L; path=/
content-type: application/json; charset=utf-8
content-length: 32
Date: Mon, 12 Oct 2020 01:40:17 GMT
Connection: keep-alive`
两次请求的返回都有set-cookie头
但是只有第二次生效了 第一次没有设置cookie
为什么 如何解决?
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…