时间戳

首页 > 解决方案 > 登录适用于 Chrome 和 Firefox,但不适用于 Edge

javascript - 登录适用于 Chrome 和 Firefox,但不适用于 Edge

问题描述

我的 Node.js 本地服务器上有一个 firebase 身份验证系统。我已经设置了登录系统,以便用户使用前端登录。发送一个获取请求并返回一个会话cookie。这在 chrome 和 firefox 上运行良好,但在 Edge 上,我在浏览器控制台和服务器控制台上都出现错误。

我检查了令牌是否实际发送到服务器,并且确实如此。

这是带有 firebase 和 cookie-parser 的登录处理程序


    /** Session login endpoint. */
    app.post("/sessionLogin", function(req, res) {
      // Get ID token and CSRF token.
      var idToken = req.body.idToken.toString();
      var csrfToken = req.body.csrfToken.toString();

      // Guard against CSRF attacks.
      if (!req.cookies || csrfToken !== req.cookies.csrfToken) {
        res.status(401).send("UNAUTHORIZED REQUEST!");
        return;
      }
      // Set session expiration to 5 days.
      var expiresIn = 60 * 60 * 24 * 5 * 1000;
      // Create the session cookie. This will also verify the ID token in the process.
      // The session cookie will have the same claims as the ID token.
      // We could also choose to enforce that the ID token auth_time is recent.
      admin
        .auth()
        .verifyIdToken(idToken)
        .then(function(decodedClaims) {
          // In this case, we are enforcing that the user signed in in the last 5 minutes.
          if (new Date().getTime() / 1000 - decodedClaims.auth_time < 5 * 60) {
            return admin
              .auth()
              .createSessionCookie(idToken, { expiresIn: expiresIn });
          }
          throw new Error("UNAUTHORIZED REQUEST!");
        })
        .then(function(sessionCookie) {
          // Note httpOnly cookie will not be accessible from javascript.
          // secure flag should be set to true in production.
          console.log(sessionCookie);

          var options = {
            maxAge: expiresIn,
            httpOnly: true,
            secure: false /** to test in localhost */
          };
          res.cookie("session", sessionCookie, options);
          res.end(JSON.stringify({ status: "success" }));
        })
        .catch(function(error) {
          res.status(401).send("UNAUTHORIZED REQUEST!");
        });
    });

这是配置文件获取请求处理程序:

//Get profile endpoint. */
app.get("/profile", function(req, res) {
  // Get session cookie.
  var sessionCookie = req.cookies.session || "none";
  // Get the session cookie and verify it. In this case, we are verifying if the
  // Firebase session was revoked, user deleted/disabled, etc.
  admin
    .auth()
    .verifySessionCookie(sessionCookie, true /** check if revoked. */)
    .then(function(decodedClaims) {
      // Serve content for signed in user.
      return serveContentForUser("/profile", req, res, decodedClaims);
    })
    .catch(function(error) {
      console.log("error: ", error);

      // Force user to login.
      res.redirect("/login");
    });
});

前端错误:

HTTP401: DENIED - The requested resource requires user authentication.
(Fetch)POST - http://192.168.1.9/sessionLogin

后端错误

{ Error: Decoding Firebase session cookie failed. Make sure you passed the entire string JWT which represents a session cookie. See https://firebase.google.com/docs/auth/admin/manage-cookies for details on how to retrieve a session cookie.
    at FirebaseAuthError.FirebaseError [as constructor] (C:\Users\mendi\Desktop\firebase-auth\node_modules\firebase-admin\lib\utils\error.js:42:28)
    at FirebaseAuthError.PrefixedFirebaseError [as constructor] (C:\Users\mendi\Desktop\firebase-auth\node_modules\firebase-admin\lib\utils\error.js:88:28)
    at new FirebaseAuthError (C:\Users\mendi\Desktop\firebase-auth\node_modules\firebase-admin\lib\utils\error.js:146:16)
    at FirebaseTokenVerifier.verifyJWT (C:\Users\mendi\Desktop\firebase-auth\node_modules\firebase-admin\lib\auth\token-verifier.js:158:35)
    at Auth.BaseAuth.verifySessionCookie (C:\Users\mendi\Desktop\firebase-auth\node_modules\firebase-admin\lib\auth\auth.js:318:43)
    at C:\Users\mendi\Desktop\firebase-auth\app.js:179:6
    at Layer.handle [as handle_request] (C:\Users\mendi\Desktop\firebase-auth\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\Users\mendi\Desktop\firebase-auth\node_modules\express\lib\router\route.js:137:13)
    at Route.dispatch (C:\Users\mendi\Desktop\firebase-auth\node_modules\express\lib\router\route.js:112:3)
    at Layer.handle [as handle_request] (C:\Users\mendi\Desktop\firebase-auth\node_modules\express\lib\router\layer.js:95:5)
  errorInfo:
   { code: 'auth/argument-error',
     message:
      'Decoding Firebase session cookie failed. Make sure you passed the entire string JWT which represents a session cookie. See https://firebase.google.com/docs/auth/admin/manage-cookies for details on how to retrieve a session cookie.' },
  codePrefix: 'auth' }

也许这是我的错误,或者是浏览器的问题。但我认为它与我的代码无关。

标签: javascriptnode.jsfirebasecookiesmicrosoft-edge

解决方案

我发现 Edge 41.16299 有类似的问题,已在最新更新中修复。因此,我建议您为您的 Windows 安装最新更新,并检查它是否有助于解决问题。参考:developer.microsoft.com/en-us/microsoft-edge/platform/issues

推荐阅读