I ran into this problem while trying to log in to a server (running on my local network). Logging in works fine with Chrome/Edge but fails on Firefox.
In the browser devtools / Wireshark I can see that when I visit the login page the server sends a cookie, _oauth2_proxy_csrf. This cookie should be included in all subsequent requests from my browser to the server.
Chrome
Response from the server
Server: nginx/1.15.7
Date: Sun, 05 Jul 2020 12:18:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 281
Location: http://192.168.0.101/oauth2/oauth2/auth?approval_prompt=force&client_id=oauth2-proxy&redirect_uri=http%3A%2F%2Flocalhost%2Foauth-proxy%2Fcallback&response_type=code&scope=openid+email+profile+roles&state=472474af0548b13655fd6e8515f0fc31%3A%2F
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Set-Cookie: _oauth2_proxy_csrf=472474af0548b13655fd6e8515f0fc31; Path=/; Expires=Sun, 12 Jul 2020 12:18:43 GMT; HttpOnly; SameSite=Lax
Next request from Chrome
GET /oauth2/oauth2/auth?approval_prompt=force&client_id=oauth2-proxy&redirect_uri=http%3A%2F%2Flocalhost%2Foauth-proxy%2Fcallback&response_type=code&scope=openid+email+profile+roles&state=472474af0548b13655fd6e8515f0fc31%3A%2F HTTP/1.1
Host: 192.168.0.101
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _oauth2_proxy_csrf=472474af0548b13655fd6e8515f0fc31
Everything is fine, and if I continue the flow I can log in, but
On Firefox
Response from the server
HTTP/1.1 302 Found
Server: nginx/1.15.7
Date: Sun, 05 Jul 2020 12:21:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 281
Location: http://192.168.0.101/oauth2/oauth2/auth?approval_prompt=force&client_id=oauth2-proxy&redirect_uri=http%3A%2F%2Flocalhost%2Foauth-proxy%2Fcallback&response_type=code&scope=openid+email+profile+roles&state=4b06492a222e53045d0447826a50c47e%3A%2F
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Set-Cookie: _oauth2_proxy_csrf=4b06492a222e53045d0447826a50c47e; Path=/; Expires=Sun, 12 Jul 2020 12:21:33 GMT; HttpOnly; SameSite=Lax
Next request from Firefox (cookie not set)
GET /oauth2/oauth2/auth?approval_prompt=force&client_id=oauth2-proxy&redirect_uri=http%3A%2F%2Flocalhost%2Foauth-proxy%2Fcallback&response_type=code&scope=openid+email+profile+roles&state=4b06492a222e53045d0447826a50c47e%3A%2F HTTP/1.1
Host: 192.168.0.101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Login fails on the server (error: named cookie not found).
I have seen other cookie problems on Google, but nothing that looks like this one.
So the problem was the server's time. It was creating a cookie whose expiry time, 12 Jul 2020 12:18:43 GMT, was already in the past relative to the browser's time of September 2020.
Apparently Chrome has no problem sending the cookie back in the next request, but Firefox discards it.
I had the same problem but the other way round: it worked fine on Firefox but not on Chrome. Setting secure=true when sending the cookie worked for me, because sameSite was set to None.
// Express: browsers only accept SameSite=None together with the Secure attribute
res.cookie('cookie', cookie, { httpOnly: true, secure: true, sameSite: 'None' })
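To make both answers concrete, here is an added example (not code from the question or either answer) that parses a Set-Cookie header the way a browser would and reports why the cookie would be rejected: an Expires date that is not after the browser's own clock (the first answer), or SameSite=None without Secure (the second answer). It is a simplified model of the cookie rules, not a reimplementation of Chrome or Firefox; as the first answer notes, Chrome in the question still sent the stale cookie while Firefox dropped it. The September 2020 browser clock and the non-TLS page context are assumptions taken from the thread.

```javascript
// Added example: model of whether a browser stores a cookie from a Set-Cookie
// header. Inputs are the raw header line, the browser's clock as a Date, and
// whether the page was loaded over https. Returns the reasons for rejection.

function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const [name, ...valueParts] = parts[0].split("=");
  const cookie = { name: name.trim(), value: valueParts.join("="), attrs: {} };
  for (const attr of parts.slice(1)) {
    const eq = attr.indexOf("=");
    // Attribute names are case-insensitive; flag attributes (HttpOnly, Secure) get `true`.
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const val = eq === -1 ? true : attr.slice(eq + 1).trim();
    cookie.attrs[key] = val;
  }
  return cookie;
}

function evaluateCookie(header, browserNow, secureContext) {
  const c = parseSetCookie(header);
  const reasons = [];

  // Expiry is judged against the *browser's* clock, not the server's. A server
  // whose clock is behind produces an Expires that is already in the past here.
  if (typeof c.attrs.expires === "string") {
    const exp = new Date(c.attrs.expires);
    if (Number.isNaN(exp.getTime())) {
      reasons.push("unparseable Expires");
    } else if (exp.getTime() <= browserNow.getTime()) {
      reasons.push(
        `Expires ${exp.toUTCString()} is not after browser time ${browserNow.toUTCString()}`
      );
    }
  }
  if (typeof c.attrs["max-age"] === "string" && Number(c.attrs["max-age"]) <= 0) {
    reasons.push("Max-Age <= 0");
  }

  // SameSite=None is only accepted together with Secure (the second answer's fix).
  const sameSite =
    typeof c.attrs.samesite === "string" ? c.attrs.samesite.toLowerCase() : "lax";
  if (sameSite === "none" && !("secure" in c.attrs)) {
    reasons.push("SameSite=None requires Secure");
  }
  if ("secure" in c.attrs && !secureContext) {
    reasons.push("Secure cookie cannot be set from a non-secure (http) page");
  }

  return { name: c.name, store: reasons.length === 0, reasons };
}

// Constructed inputs: the Set-Cookie line Firefox received in the question, and
// a September 2020 browser clock as described in the accepted answer (assumed).
const FIREFOX_SET_COOKIE =
  "_oauth2_proxy_csrf=4b06492a222e53045d0447826a50c47e; Path=/; " +
  "Expires=Sun, 12 Jul 2020 12:21:33 GMT; HttpOnly; SameSite=Lax";
const BROWSER_CLOCK = new Date("2020-09-01T10:00:00Z");

// Stand-alone demo: the page in the question was served over plain http.
console.log(evaluateCookie(FIREFOX_SET_COOKIE, BROWSER_CLOCK, false));
```

Run it with node. With the browser clock in September 2020 the cookie is reported as rejected because its Expires is in the past; feed it a clock from 5 July 2020 (the server's idea of "now") and it is accepted, which is exactly the discrepancy the first answer describes. Change the header to SameSite=None without Secure and the second answer's failure shows up instead.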