iOS Ajax does not carry cookies: iOS 10.3 breaks Ajax Set-Cookie

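In iOS 10.3, an app that uses PhoneGap to talk to Django finds that the 'Set-Cookie' response header cannot be read when fetching the CSRF token via Ajax. In iOS 10.2 and earlier, the same code saves the CSRF token successfully. The problem is that the iOS 10.3 update prevents the 'Set-Cookie' header from appearing in the xhr object, so POST requests are forbidden. The developer tried setting the xhrFields and crossDomain options without effect and is looking for a solution.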


My PhoneGap app communicates with Django, so I use the method described in the following article to capture and send csrftoken:

This has been working till iOS 10.3. In iOS 10.3, the ajax call gets all response headers except Set-Cookie. I tried adding xhrFields: {withCredentials: true} and crossDomain: true but it makes no difference.

Here is the request to get the csrftoken:

$.ajax({
    beforeSend: function(xhr) { xhr.withCredentials = true; },
    type: "GET",
    url: 'url',
    xhrFields: {withCredentials: true},
    crossDomain: true,
    success: function(data, textStatus, xhr) {
        // returns cookie in any iOS except the latest iOS 10.3
        document.cookie = xhr.getResponseHeader("Set-Cookie");
    },
});

The same code works fine in iOS 10.2 and we can save the csrftoken from "Set-Cookie" header for later use.

iOS 10.3 somehow prevents this "Set-Cookie" response header from appearing in the xhr object, thus we cannot get the csrftoken from server and any subsequent POST action will be forbidden.

Please advise, thank you!
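Added example, not part of the original post: a client-side helper that does not depend on Set-Cookie being readable from the xhr object, and that attaches the token only to state-changing requests sent to the app's own API. The exposed X-CSRFToken response header, the csrfToken JSON field and API_ORIGIN are assumptions introduced for illustration; a cross-origin server would also have to list the custom header in Access-Control-Expose-Headers.

```javascript
// Added example. Assumptions (not from the original post): the server also
// returns the token in an exposed "X-CSRFToken" response header or a JSON
// field "csrfToken"; API_ORIGIN is a placeholder.
const API_ORIGIN = 'https://api.example.test';

// Pull name=value out of a "k=v; k2=v2" string (Set-Cookie or document.cookie).
function tokenFromCookieString(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim() || null;
    }
  }
  return null;
}

// Try each source in turn so the caller does not depend on Set-Cookie being
// readable. `xhr` only needs getResponseHeader(); `body` is parsed JSON or null.
function resolveCsrfToken(xhr, body, cookieJar) {
  const sources = [
    ['set-cookie', tokenFromCookieString(xhr.getResponseHeader('Set-Cookie'), 'csrftoken')],
    ['header', xhr.getResponseHeader('X-CSRFToken')],
    ['body', body && typeof body.csrfToken === 'string' ? body.csrfToken : null],
    ['cookie-jar', tokenFromCookieString(cookieJar, 'csrftoken')],
  ];
  const hit = sources.find(([, value]) => value);
  return hit ? { source: hit[0], token: hit[1] } : { source: 'none', token: null };
}

// Attach the token only to state-changing requests aimed at our own API,
// so it is never sent to another origin.
function csrfHeadersFor(method, url, token) {
  const unsafe = !/^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
  const sameApi = new URL(url, API_ORIGIN).origin === API_ORIGIN;
  return unsafe && sameApi && token ? { 'X-CSRFToken': token } : {};
}

// Constructed stand-in for a response where Set-Cookie is filtered out.
const filteredXhr = {
  getResponseHeader: (n) => (n === 'X-CSRFToken' ? 'tok123' : null),
};
console.log(resolveCsrfToken(filteredXhr, null, ''));
```
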
