cookies

问题 I have two apps, the server-side app which is written in Laravel and the client-side app, written in VueJS. The vue app consumes the api provided by the laravel app. The auth flow: The user attempts to log in, the server sends two tokens to the client, a) access_token and b) refresh_token upon successful login. The server also sends the refresh token in the form of an httpOnly cookie to the client so that when the access token is expired, it can be refreshed using the refresh token from the

问题 I have two apps, the server-side app which is written in Laravel and the client-side app, written in VueJS. The vue app consumes the api provided by the laravel app. The auth flow: The user attempts to log in, the server sends two tokens to the client, a) access_token and b) refresh_token upon successful login. The server also sends the refresh token in the form of an httpOnly cookie to the client so that when the access token is expired, it can be refreshed using the refresh token from the

问题 I have a working login template that does a post and looks like: <form action="" method="post"> {% csrf_token %} <br> {{form.email}} <div class="text-center"> <button type="submit">Login</i></button> </div> </form> My SSL settings look like: ssl SECURE_SSL_REDIRECT = False SECURE_HSTS_SECONDS = 3600 SESSION_COOKIE_SECURE = False SECURE_PROXY_SSL_HEADER = None CSRF_COOKIE_SECURE = False I made two changes. I switched to an aws ec2 elastic load balancer and from https to http. Now I am getting

问题 I'm using NodeJS with the Express framework with the cookie-parser middleware on localhost:3333. My frontend is served by react dev server on localhost:3000. This is my first attempt at anything to do with cookies. Here are the options i set for my cookie: { expires: maxAge , httpOnly: true, sameSite: 'none', secure: true, domain: null } . I've also tried with and without the sameSite, httpOnly and secure options. As well as domain=localhost. Here is a header from the http response i get when

问题 I'm using NodeJS with the Express framework with the cookie-parser middleware on localhost:3333. My frontend is served by react dev server on localhost:3000. This is my first attempt at anything to do with cookies. Here are the options i set for my cookie: { expires: maxAge , httpOnly: true, sameSite: 'none', secure: true, domain: null } . I've also tried with and without the sameSite, httpOnly and secure options. As well as domain=localhost. Here is a header from the http response i get when

问题 I visited this site: https://samesite-sandbox.glitch.me/ both on normal and incognito Chrome window. This happens 100% of the time both on Mac Chrome and Android Chrome. Incognito had no extensions enabled. Is this a bug? Is there a workaround? Chrome version: 84.0.4147.105 Here's the incognito result: Here's the result on non-incognito window: 回答1: Actually just found the solution From this site: https://www.chromium.org/updates/same-site/test-debug If you are testing in Incognito Mode, be

问题 I visited this site: https://samesite-sandbox.glitch.me/ both on normal and incognito Chrome window. This happens 100% of the time both on Mac Chrome and Android Chrome. Incognito had no extensions enabled. Is this a bug? Is there a workaround? Chrome version: 84.0.4147.105 Here's the incognito result: Here's the result on non-incognito window: 回答1: Actually just found the solution From this site: https://www.chromium.org/updates/same-site/test-debug If you are testing in Incognito Mode, be

问题 I came to know even embedding of youTube videos on website are also affected by GDPR law, even for this we need user consent. There is not much i can find on the internet how to make embedding of youtube videos GDPR compliance and how we can take user consent for this. After digging for few days i found following link which say how we can use https://foliovision.com/support/fv-wordpress-flowplayer/requests-and-feedback/youtube-and-gdpr following link from google allow us to use it in no

问题 I came to know even embedding of youTube videos on website are also affected by GDPR law, even for this we need user consent. There is not much i can find on the internet how to make embedding of youtube videos GDPR compliance and how we can take user consent for this. After digging for few days i found following link which say how we can use https://foliovision.com/support/fv-wordpress-flowplayer/requests-and-feedback/youtube-and-gdpr following link from google allow us to use it in no

问题 I have an Angular app that runs on angular.example.com . The API runs on app.example.com . I get a domain cookie from app.example.com that sets the cookie on .example.com containing a JWT token (the cookie should be shareable between these domains according to RFC: https://tools.ietf.org/html/rfc6265#section-4.1.2.3). When the request to angular.example.com is sent and I can see the cookie as part of the request headers (added by the browser). The Angular app is served and makes a request to