我正在研究Angular 2 / Django项目。每个项目都在特定端口上运行。
在发布/login路由时,服务器会返回seesionid和csrftoken个Cookie。 Javascript代码无法访问这两个返回的Cookie,而且他们不会使用Chrome开发人员工具:
响应:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost
Allow:POST, OPTIONS
Date:Tue, 04 Apr 2017 14:47:31 GMT
Server:WSGIServer/0.2 CPython/3.5.2
Set-Cookie:csrftoken=ITzlkMrTtSYcmlNQANFvxQHlZ829qXe0tEblA3KOaKY6iRRB7Y3pYlvdcZNSpDcv; expires=Tue, 03-Apr-2018 14:47:31 GMT; Max-Age=31449600; Path=/
Set-Cookie:sessionid=d5v1mri12bniyvyqqt55ar8mfl9mr2jk; expires=Tue, 18-Apr-2017 14:47:31 GMT; HttpOnly; Max-Age=1209600; Path=/
Vary:Accept, Cookie, Origin
X-Frame-Options:SAMEORIGIN