我一直在尝试修复Google Chrome通过express-session引发的新CORS问题,但似乎没有解决。具体来说,这个错误:
A cookie associated with a cross-site resource at http://plant-app-test.herokuapp.com/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
我当前的堆栈是用于身份验证的Node.js、Express.js和Passport.js。您可以看到以下配置:
- app.js
require("dotenv").config();
const path = require("path");
const cors = require("cors");
const logger = require("morgan");
const helmet = require("helmet");
const express = require("express");
const mongoose = require("mongoose");
const bodyParser = require("body-parser");
const cookieParser = require("cookie-parser");
const app_name = require("./package.json").name;
const debug = require("debug")(
`${app_name}:${path.basename(__filename).split(".")[0]}`
);
const app = express();
// CORS setup
app.use(
cors({
credentials: true,
preflightContinue: true,
optionsSuccessStatus: 200,
origin: process.env.REACT_APP_CLIENT_POINT,
allowedHeaders: ["Content-Type", "Authorization"],
methods: ["GET", "POST", "PUT", "HEAD", "PATCH", "DELETE"],
})
);
// Middleware Setup
app.use(helmet());
app.use(logger("dev"));
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
require("./configs/db.config");
require("./configs/session.config")(app);
require("./configs/passport/passport.config.js")(app);
// Route setup
app.use("/", require("./routes/index"));
app.use("/auth", require("./routes/auth"));
app.use("/app", require("./routes/application"));
module.exports = app;- 会话配置.js
const session = require("express-session");
const mongoose = require("mongoose");
const MongoStore = require("connect-mongo")(session);
const cookieParser = require("cookie-parser");
module.exports = (app) => {
app.use(
session({
secret: process.env.SESS_SECRET,
name: "sessionID",
cookie: {
sameSite: "none",
secure: true,
},
resave: false,
saveUninitialized: false,
store: new MongoStore({
mongooseConnection: mongoose.connection,
ttl: 60 * 60 * 24 * 1000,
}),
})
);
};- passport-config.js
const passport = require("passport");
require("./serializers.config");
require("./local-strategy.config");
require("./google-strategy.config");
require("./facebook-strategy.config");
module.exports = (app) => {
app.use(passport.initialize());
app.use(passport.session());
};- serializers-config.js
const passport = require("passport");
const User = require("../../models/User.model");
passport.serializeUser(function (user, done) {
done(null, user._id);
});
passport.deserializeUser(async function (id, done) {
await User.findById(id, function (err, user) {
if (!err) done(null, user);
else done(err, null);
});
});我在会话cookie上尝试了几种不同的配置,它在我的dev.环境中运行良好(都位于HTTP://localhost上,但具有不同的端口(。有人能帮忙吗?因为这不允许我为用户保留会话,也不允许我在工作流程中利用他们存储在cookie上的id?
谢谢!
对于我的heroku应用程序和类似的情况,我通过在express会话配置中添加proxy : true,来修复它。我相信这启用了secure: true所需的SSL通信。
尝试先使用cookieParser,然后启用cors-我真的不明白为什么,但我相信快速订购材料。之后尝试注入会话";app.use(injectSession(";在这里,您可能需要调整会话配置代码以适应这种风格。我认为您不需要在会话配置文件中再次导入cookieParser,也许它会覆盖您以前的配置。