ythy / blog

Give everything a shot

Passing Cookies Cross-Origin in an Iframe #519

Open ythy opened 1 year ago

ythy commented 1 year ago
  1. Both sameSite: 'none' and secure: true must be set together
    app.post('/auth', (req: express$Request, res: express$Response) => {
      res.cookie('sessionId', session.id, { secure: true, sameSite: 'none' });
    });
  2. If a cookie is set with secure: true, HTTPS must be used
  3. To serve HTTPS from express, first generate an SSL certificate with the following command
    openssl req -new -x509 -days 7300 -nodes -sha256 -out flatris-public-key.crt -keyout flatris_private_key.pem

    The path to the default configuration is set through an environment variable: OPENSSL_CONF=D:\works\ca\openssl.cnf (see #226)

  4. The express code
    
    import fs from 'fs';
    import path from 'path';
    import https from 'https';
    import express from 'express';
    import cookieParser from 'cookie-parser';
    import session from 'express-session';

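    // Load the key and certificate generated in step 3
    const rootDir = process.cwd();
    const privateKey = fs.readFileSync(
      path.join(rootDir, 'https/flatris_private_key.pem'),
      'utf8'
    );
    const certificate = fs.readFileSync(
      path.join(rootDir, 'https/flatris-public-key.crt'),
      'utf8'
    );
    const credentials = { key: privateKey, cert: certificate };

    const app = express();
    // cookie-parser only parses incoming cookies; its options object is passed
    // to cookie.parse, so secure/sameSite have no effect on this middleware
    app.use(
      cookieParser('f', {
        secure: true,
        sameSite: 'none',
      })
    );
    app.use(
      session({
        secret: 'f', // placeholder; use a long random secret outside of local testing
        resave: false,
        saveUninitialized: true,
        // Both attributes are needed for the session cookie to work in a cross-origin iframe
        cookie: { secure: true, sameSite: 'none' },
      })
    );

    const httpsServer = https.createServer(credentials, app);
    httpsServer.listen(5000, undefined, undefined, err => {
      if (err) throw err;
      console.log(`> Ready on https`);
    });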
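
The attribute rules from steps 1 and 2, written as a check over Set-Cookie header strings (an added example, not code from the original post). The function names, the sample headers and the treatment of a missing SameSite attribute as Lax (the default in current Chromium-based browsers) are assumptions of this example.

```javascript
// Parse one Set-Cookie header value; attribute names are lower-cased.
function parseSetCookie(header) {
  const [pair = '', ...rest] = header.split(';').map(s => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? '' : pair.slice(0, eq), attrs };
}

// Would a browser keep this cookie and attach it to requests from a
// cross-site iframe? pageScheme is the scheme the response was served over.
function auditForCrossSiteIframe(header, pageScheme) {
  const { name, attrs } = parseSetCookie(header);
  // Assumption: a missing SameSite attribute is treated as Lax.
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : 'lax';
  const secure = 'secure' in attrs;
  const problems = [];
  if (sameSite !== 'none') {
    problems.push(`SameSite=${sameSite}: not sent from a cross-site iframe`);
  } else if (!secure) {
    problems.push('SameSite=None without Secure: cookie is rejected');
  }
  if (secure && pageScheme !== 'https') {
    problems.push('Secure set but response is not served over https');
  }
  return { name, sameSite, secure, ok: problems.length === 0, problems };
}

// Constructed sample headers (not captured from a real server).
const SAMPLE_HEADERS = [
  'sessionId=abc123; Path=/; Secure; SameSite=None',
  'sessionId=abc123; Path=/; SameSite=None',
  'sessionId=abc123; Path=/; HttpOnly; Secure',
];
for (const header of SAMPLE_HEADERS) {
  const r = auditForCrossSiteIframe(header, 'https');
  console.log(r.ok ? 'OK  ' : 'FAIL', header, r.problems.join('; '));
}
```

The check covers only the cookie attributes; it does not model a browser's separate third-party cookie blocking.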