使用后端(laravel)和前端 SPA(vue.js、vue-cli 3)进行服务。我需要通过 httpOnly cookie (不是 localStorage)进行身份验证。我用tymondesigns/jwt-auth https://github.com/tymondesigns/jwt-auth作为 api auth 包。
我的环境是:
- API路线:
http://brideplanner.test/api
- SPA路线:
http://app-test.brideplanner.test:81/
我的登录路径是/api/auth/login
,控制器方法为:
public function login()
{
$credentials = request(['email', 'password']);
$user = User::where('email','=',$credentials['email'])->first();
if (!$user || !$token = auth()->claims(['sub' => $user->id, 'csrf-token' => str_random(32) ])->attempt($credentials)) {
return response()->json(['error' => 'Unauthorized'], 401);
}
return response()
->json('success')
->withCookie('token', $token, config('jwt.ttl'), ".brideplanner.test", null, false, false);
}
但是当我尝试向 API 发送请求时,却没有token
cookie 存储中的项目。这是怎么回事?为什么没有令牌?我应该怎么办?
UPD:我通过邮递员测试了请求并获得了令牌:
Set-Cookie →token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9icmlkZXBsYW5uZXIudGVzdFwvYXBpXC9hdXRoXC9sb2dpbiIsImlhdCI6MTU1MTM5NDMwNCwiZXhwIjoxNTUxMzk1MjA0LCJuYmYiOjE1NTEzOTQzMDQsImp0aSI6Im9uU1NtWEpSU0prR3NKc3giLCJzdWIiOjEsInBydiI6Ijg3ZTBhZjFlZjlmZDE1ODEyZmRlYzk3MTUzYTE0ZTBiMDQ3NTQ2YWEiLCIwIjoic3ViIiwiMSI6ImNzcmYtdG9rZW4iLCJjc3JmLXRva2VuIjoiTE9jSDFCWG9ITFJBMjlFYTg2MG1XQXhrVnpTR2gzT2oifQ.mnR4C6bwMIVptU64eZ6tN-gCYyFEuCIk_dm6dJsXrLY; expires=Thu, 28-Feb-2019 23:06:44 GMT; Max-Age=900; path=.brideplanner.test; domain=.brideplanner.test; httponly
但是当我从我的 SPA 发送请求时(http://app-test.brideplanner.test:81/
),就会出错。