cookie all in one

credentials: "include"

https://developers.google.com/web/updates/2015/03/introduction-to-fetch

why & solution

cookie & Fetch & credentials

https://github.com/github/fetch#sending-cookies

https://github.com/github/fetch#receiving-cookies

https://github.com/github/fetch#read-this-first

https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name

Set-Cookie & Secure & HttpOnly & SameSite

HTTP/Headers/Set-Cookie

Set-Cookie

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

https

https://stackoverflow.com/questions/37234687/how-to-set-cookie-secure-flag-using-javascript

cookie



document.cookie = "testCookie=javascript2050; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/;domain=.cnblogs.com;Secure;";

// "testCookie=javascript2050; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/;domain=.cnblogs.com;Secure;

document.cookie;;

// "testCookie=javascript2050"

HttpOnly

A HttpOnly cookie means that it's not available to scripting languages like JavaScript.

https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript

https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript/14691716#14691716

https://github.com/js-cookie/js-cookie/issues/344

SameSite

https://stackoverflow.com/questions/50361460/samesite-cookie-attribute-not-being-set-using-javascript

cookie

不支持 fill:// 协议,无法写 cookie!

一次只能写一个?

http://javascript.ruanyifeng.com/bom/cookie.html

逗号进行转义? 瞎扯



document.cookie = 'jwt=aaa.bbb.ccc';

// "jwt=aaa.bbb.ccc"

document.cookie;

http only & path & expires

// document.cookie = ".test=javascript2020;Expires=Wed, 21 Oct 2020 07:28:00 GMT;path=/;domain=www.cnblogs.com";

document.cookie = ".test=javascript2020;Expires=Wed, 21 Oct 2020 07:28:00 GMT;path=/;domain=cnblogs.com";

// ".test=javascript2020;Expires=Wed, 21 Oct 2020 07:28:00 GMT;path=/;domain=www.cnblogs.com"

document.cookie;

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

Request & header

https://developer.mozilla.org/en-US/docs/Glossary/Request_header

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

???

cookie

new headers({})

https://davidwalsh.name/fetch

https://stackoverflow.com/questions/35733138/send-cookie-in-http-post-request-in-javascript



const fetchJSON = (url = ``) => {

    let headers = new Headers({

        "Content-Type": "application/json; charset=utf-8;",

        "cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",

        "Set-Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",

    });

    return fetch(url, {

        // method: "POST",

        method: "GET",

        mode: "no-cors",

        headers: headers,

    })

    .then(res => res.json())

    .then(

        (json) => {

            return json;

        }

    )

    .catch(err => console.log(`fetch error`, err));

};





"use strict";

/**

 *

 * @author xgqfrms

 * @license MIT

 * @copyright cookie

 * @description

 * @augments

 * @example

 *

 */

const  = ( = ``, debug = false) => {

    // do something...

    return ;

};

const commments = {

    "commentId":3997788,

    "voteType":"Digg"

};

const url = "https://www.cnblogs.com/mvc/vote/VoteComment.aspx";

// https://www.cnblogs.com/mvc/vote/VoteBlogPost.aspx

// blog = {

//     "blogApp": "xgqfrms",

//     "postId": 9178897,

//     "voteType": "Digg",

//     "isAbandoned": false

// };

fetch(url, {

    method: "POST",

    headers: {

        "Accept":  "application/json",

        "Content-Type": "application/json",

        "Cache": "no-cache"

    },

    credentials: "same-origin",

    body: JSON.stringify(commments),

});

bug

前端如果不设置 credentials, 字段,后端无法写入 cookie(Set-Cookie), 前端无法发送 cookie ???

conclusion

  1. cookie 必须同源, domain 不许一致。

  2. 前端如果不设置 credentials, 字段, 前端无法发送 cookie !

  3. 后端无法写入 cookie(Set-Cookie) ???



credentials: "include",




const fetchJSON = (url = ``, data = {}) => {

    // let headers = new Headers({

    //     "Content-Type": "application/json; charset=utf-8;",

    //     "cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",

    //     "Set-Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",

    // });

    return fetch(url, {

        // method: "POST",

        method: "GET",

        mode: "no-cors",

        credentials: "include",

        // credentials: "same-origin",

        headers: {

            "Accept": "application/json; charset=utf-8;",

            "Content-Type": "application/json; charset=utf-8;",

            "Cache": "no-cache",

            // "Set-Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss",

            // "XYZ": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss",

            // "Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",

            // "Set-Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",

            // "Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; HttpOnly;",

            //  Secure; & cookie只会被https传输 (boolean或null)。

        },

        // body: JSON.stringify({

        //     user_name: "admin",

        //     password: "admin",

        // }),

        // headers: new Headers({

        //     "Content-Type": "application/json; charset=utf-8;",

        //     "cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",

        //     "Set-Cookie": "access_token=eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiQWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiJ9.k82neq7nQXjz3xBu0P7jnbukOx57WUo4_V3DLStkEss; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/; Secure; HttpOnly;",

        // }),

    })

    // .then(res => res.json())

    .then(

        (json) => {

            return json;

        }

    )

    .catch(err => console.log(`fetch error`, err));

};




# cookie Generator

> cookieGenerator();

```js

/**

 *

 * @author xgqfrms

 * @license MIT

 * @copyright xgqfrms

 *

 * @description cookieGenerator

 *

 * @param {String} name cookie name

 * @param {String} value cookie value

 * @param {Number} days

 * @param {String} path

 * @param {String} domain

 * @param {String} HttpOnly (JavaScript absolutely no API available to get/set the HttpOnly attribute of the cookie!)

 * @param {Boolean} Secure

 * @param {ENUM} SameSite=Lax / SameSite=Strict (This is an attribute that can only be set by server (like HttpOnly) in response cookies it sends to browser.)

 *

 */

const cookieGenerator = (

    options = {

        name: "testCookie",

        value: "testcookie",

        days: 0,

        path: "/",

        domain: window.parent.document.domain,

        // HttpOnly: false,

        Secure: false

    }) => {

    let {

        name,

        value,

        days,

        path,

        domain,

        // HttpOnly,

        secure

    } = options;

    let result = ``,

        expires = ``,

        date = new Date();

    date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));

    expires = date.toUTCString();

    result = `${name}=${value}; Expires=${expires}; Path=${path}; Domain=${domain};`;

    // if (httponly) {

    //     result += `Http;`;

    //     result += `HttpOnly;`;

    // }

    if (secure) {

        result += `Secure;`;

    }

    // document.cookie = result;

    return result;

};

xgqfrms 2012-2020

www.cnblogs.com 发布文章使用:只允许注册用户才可以访问!

cookie all in one的更多相关文章

  1. 超大 Cookie 拒绝服务攻击

    有没有想过,如果网站的 Cookie 特别多特别大,会发生什么情况? 不多说,马上来试验一下: for (i = 0; i < 20; i++) document.cookie = i + '= ...

  2. IE10、IE11 User-Agent 导致的 ASP.Net 网站无法写入Cookie 问题

    你是否遇到过当使用一个涉及到Cookie操作的网站或者管理系统时,IE 6.7.8.9下都跑的好好的,唯独到了IE10.11这些高版本浏览器就不行了?好吧,这个问题码农连续2天内遇到了2次.那么,我们 ...

  3. 解决cookie跨域访问

    一.前言 随着项目模块越来越多,很多模块现在都是独立部署.模块之间的交流有时可能会通过cookie来完成.比如说门户和应用,分别部署在不同的机器或者web容器中,假如用户登陆之后会在浏览器客户端写入c ...

  4. jquery插件的用法之cookie 插件

    一.使用cookie 插件 插件官方网站下载地址:http://plugins.jquery.com/cookie/ cookie 插件的用法比较简单,直接粘贴下面代码示例: //生成一个cookie ...

  5. 一个诡异的COOKIE问题

    今天下午,发现本地的测试环境突然跑不动了,thinkphp直接跑到异常页面,按照正常的排错思路,直接看thinkphp的log 有一条 [ error ] [2]setcookie() expects ...

  6. [转载]Cookie/Session的机制与安全

    Cookie和Session是为了在无状态的HTTP协议之上维护会话状态,使得服务器可以知道当前是和哪个客户在打交道.本文来详细讨论Cookie和Session的实现机制,以及其中涉及的安全问题. 因 ...

  7. jquery.cookie的使用

    今天想到了要为自己的影像日记增加赞的功能,并且需要用到cookie. 记得原生的js操作cookie也不是很麻烦的,但似乎jquery更简单,不过相比原生js,需要额外引入2个文件,似乎又不是很好,但 ...

  8. 跨域问题,前端主动向后台发送cookie

    跨域是什么? 从一个域名的网页访问另一个域名的资源,就会出现跨域.只要协议.端口.域名有一个不同就会出现跨域 例如: 1.协议不同  http://www.baidu.com:80 和 https:/ ...

  9. 【流量劫持】沉默中的狂怒 —— Cookie 大喷发

    精简版:http://www.cnblogs.com/index-html/p/mitm-cookie-crack.html 前言 上一篇文章 讲解了如何借助前端技术,打造一个比 SSLStrip 更 ...

  10. 好好了解一下Cookie

    Cookie的诞生 由于HTTP协议是无状态的,而服务器端的业务必须是要有状态的.Cookie诞生的最初目的是为了存储web中的状态信息,以方便服务器端使用.比如判断用户是否是第一次访问网站.目前最新 ...

随机推荐

  1. 前端面试之ES6新增了数组中的的哪些方法?!

    前端面试之ES6新增了数组中的的哪些方法?! 我们先来看看数组中以前有哪些常用的方法吧! 1 新增的方法! 1 forEach() 迭代遍历数组 回调函数中的三个参数 value: 数组中的每一个元素 ...

  2. Hmailserver搭建邮箱服务器

    由于阿里云,谷歌云,腾讯云等服务器都不开放25端口和pop3端口,想要使用邮箱服务得购买他们的企业邮箱,但是对于个人而言比较贵. 所以我们需要利用家庭宽带申请公网IP. 首先打电话给运营商客服,申请动 ...

  3. sql 括号

    <select id="chlTransQueryByChlType" parameterType="map" resultType="java ...

  4. 动态库与静态库的学习 博主写的很好 静态库 编译的时候 需要加上 static 动态库编译ok运行不成功就按照文章中的方法修改

    来源连接   http://www.cnblogs.com/skynet/p/3372855.html C++静态库与动态库 这次分享的宗旨是--让大家学会创建与使用静态库.动态库,知道静态库与动态库 ...

  5. Java SPI 与 Dubbo SPI

    SPI(Service Provider Interface)是JDK内置的一种服务提供发现机制.本质是将接口实现类的全限定名配置在文件中,并由服务加载器读取配置文件,加载实现类.这样可以在运行时,动 ...

  6. 省选复习 - LCT 笔记

    目录 LCT 笔记 主要功能 和其它数据结构的比较 思想 虚实剖分 如何维护所有的链 实链 虚边 开始构思 具体要维护的功能(从基础到高级) Splay部分 access(u) make(u) fin ...

  7. HTML5 学习表格应用

    <table> <tr> ---tr 定义行 <td>第1个单元格的内容</td> ----td 定义列 <td>第2个单元格的内容< ...

  8. MySQL安全审计(init_connect)

    1.常规安全 在说审计之前我们先提一点一般我们常用的MySQL的安全注意事项. 指定完善的MySQL安全流程 用户授权邮件备注 每个人对应权限均需留底 所有用户非管理员及特殊账户,均精细化授权 2.s ...

  9. 小白搭建WAMP详细教程---apache、mysql、php的整合配置

    Apache与PHP整合 我们之前说过PHP能够解析PHP代码, 可是不服务于apache,apache能够获取接收浏览器的请求, 可是不能处理PHP代码, 要实现动态站点开发,就必须结合apache ...

  10. HBase和ElasticSearch索引类型及存储位置

    本篇博文主要对HyperBase(HBase).Search(ElasticSearch)的索引类型及具体存储位置进行概要总结,让大家从整体上了解TDH平台中HyperBase和Search索引的管理 ...