Express 和 Firebase - 无法在重定向前设置标头

我正在尝试使 Firebase 身份验证在服务器上工作。

'use strict';

const functions = require('firebase-functions');
const admin = require('firebase-admin');
admin.initializeApp();
const express = require('express');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser')();
const cors = require('cors')({origin: true});
//const expressSanitizer = require('express-sanitizer');
const app = express();

// Express middleware that validates Firebase ID Tokens passed in the Authorization HTTP header.
// The Firebase ID token needs to be passed as a Bearer token in the Authorization HTTP header like this:
// `Authorization: Bearer <Firebase ID Token>`.
// when decoded successfully, the ID Token content will be added as `req.user`.

const validateFirebaseIdToken = (req, res, next) => {
   console.log('Check if request is authorized with Firebase ID token');

   if ((!req.headers.authorization || !req.headers.authorization.startsWith('Bearer ')) &&
  !(req.cookies && req.cookies.__session)) {
       console.error('No Firebase ID token was passed as a Bearer token in the Authorization header.',
    'Make sure you authorize your request by providing the following HTTP header:',
    'Authorization: Bearer <Firebase ID Token>',
    'or by passing a "__session" cookie.');
    res.redirect("/login");
    return;
   }

   let idToken;
   if (req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
   console.log('Found "Authorization" header');
     // Read the ID Token from the Authorization header.
     idToken = req.headers.authorization.split('Bearer ')[1];
   } else if(req.cookies) {
     console.log('Found "__session" cookie');
     // Read the ID Token from cookie.
     idToken = req.cookies.__session;
   } else {
     // No cookie
     res.redirect("/login");
     return;
   }

   admin.auth().verifyIdToken(idToken).then((decodedIdToken) => {
      console.log('ID Token correctly decoded', decodedIdToken);
      req.user = decodedIdToken;
      return next();
   }).catch((error) => {
      console.error('Error while verifying Firebase ID token:', error);
      res.redirect("/login");
   });
 };

app.use(bodyParser.urlencoded({ extended: true }));
app.use(express.static("/public"));
app.use(cors);
app.use(cookieParser);
//app.use(expressSanitizer());
//app.use(validateFirebaseIdToken);=
app.set("view engine", "ejs");

// This HTTPS endpoint can only be accessed by your Firebase Users.
// Requests need to be authorized by providing an `Authorization` HTTP header
// with value `Bearer <Firebase ID Token>`.
exports.app = functions.https.onRequest(app);



app.post("/login", (request, response) => {

   var idToken = request.body.token;

   console.log("REQUEST BODY = " + idToken);

   response.header("Authorization" , "Bearer " + idToken);

   return response.redirect("dashboard");
});

app.get("/dashboard", validateFirebaseIdToken, (request, response) => {
   response.redirect("/dashboard/new");
});

In the /loginPOST 路线，我收到idToken正如预期的那样（并在日志中显示）。不过，响应似乎无法保留/维护标头属性Authentication: Bearer <Firebase ID token>预先设定。

事实上，我在 Postman 中发送了一个 GET 请求到/dashboard通过获取日志打印的 idToken 并将其设置在请求的标头中，例如Authorization: Bearer <idToken>它工作得很好。

这里说 https://stackoverflow.com/questions/32235438/set-express-response-headers-before-redirect该重定向实际上是新的 HTTPS 请求，因此不会保留响应中设置的标头。这种情况我该怎么办？

您必须发送授权标头every要求。 HTTPS 函数是无状态的。他们不记得之前的请求中的任何内容。因此，您不应该依赖重定向行为来保留状态。相反，客户端需要弄清楚下一步该去哪里并自行发出下一个请求。