Can I keep cookies across a redirect in the web browser?

Problem description

My site runs at https://cea3308fad4a.ngrok.io. Normally my request/response looks like the following; this is where I receive the cookie that identifies the current user.

Request URL: https://cea3308fad4a.ngrok.io/rest/myapp/get-slack-status
Request Method: GET
Status Code: 200 
Remote Address: 3.14.182.203:443
Referrer Policy: strict-origin-when-cross-origin

Response:
Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJhbW9lYm9pZHMucGVvcGxlIiwic3ViIjoiNTU3MDU4OjZmNjZmYjY4LTdiNjgtNDVmNi05MjBhLWZjNmFiZWVmM2IwYiIsImNsaWVudEtleSI6IjIzZDQ0Y2FlLTc3M2MtM2QzYy1iOGU4LWI3MjdhN2FjNjU1MiIsImlzcyI6ImFtb2Vib2lkcy5wZW9wbGUiLCJleHAiOjE2MTcyMTkwNzEsImlhdCI6MTYxNzIwMTA3MX0.WAsnMGxxxnXeWj5mOI0rEZkBqBgmQsSVL6dny1xoGHU
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 5
Content-Type: application/json
Date: Wed, 31 Mar 2021 14:31:11 GMT
Expires: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: JSESSIONID=33DB4EE9F98AB90C31D508E5668DC3E3; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

Request:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,hi;q=0.8,mr;q=0.7
authorization: JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJhbW9lYm9pZHMucGVvcGxlIiwic3ViIjoiNTU3MDU4OjZmNjZmYjY4LTdiNjgtNDVmNi05MjBhLWZjNmFiZWVmM2IwYiIsImNsaWVudEtleSI6IjIzZDQ0Y2FlLTc3M2MtM2QzYy1iOGU4LWI3MjdhN2FjNjU1MiIsImlzcyI6ImFtb2Vib2lkcy5wZW9wbGUiLCJleHAiOjE2MTcyMTkwNjIsImlhdCI6MTYxNzIwMTA2Mn0.lQpLks07T5gG8N_XAI2Ya059fZVFMukmXOBrWiTyKXM
cache-control: no-cache, no-store
Connection: keep-alive
Host: cea3308fad4a.ngrok.io
locale: en_US
Referer: https://cea3308fad4a.ngrok.io/settings/labsSettings
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36

I redirect the user to Slack for authorization. When I redirect the user in the browser, the request/response looks like this:

General:
Request URL: https://slack.com/oauth/authorize?scope=bot,users:read,users:read.email,team:read&client_id=4427499992.264434423440&redirect_uri=https://cea3308fad4a.ngrok.io/rest/myapp/latest/labs/slack-service/authorize&state=RVSGPDAQSIZ2G4AHVSIA====
Request Method: GET
Status Code: 200 
Remote Address: 15.206.34.128:443
Referrer Policy: strict-origin-when-cross-origin

Response Headers:
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 1128
content-type: text/html; charset=utf-8
date: Wed, 31 Mar 2021 03:47:34 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
referrer-policy: no-referrer
server: Apache
set-cookie: x=909nnzf90qqjoe0a77wnqytm9.1617160917; expires=Wed, 31-Mar-2021 04:02:34 GMT; Max-Age=900; path=/; domain=.slack.com; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: envoy-www-iad-d846
x-backend: main_normal main_bedrock_normal_with_overflow main_canary_with_overflow main_bedrock_canary_with_overflow main_control_with_overflow main_bedrock_control_with_overflow
x-envoy-upstream-service-time: 9
x-frame-options: SAMEORIGIN
x-server: slack-www-hhvm-main-iad-ygr7
x-slack-backend: r
x-slack-shared-secret-outcome: shared-secret
x-via: envoy-www-iad-d846, haproxy-edge-bom-kbgp
x-xss-protection: 0

Request headers:
:authority: slack.com
:method: GET
:path: /oauth/authorize?scope=bot,users:read,users:read.email,team:read&client_id=4427499992.264434423440&redirect_uri=https://cea3308fad4a.ngrok.io/rest/myapp/latest/labs/slack-service/authorize&state=RVSGPDAQSIZ2G4AHVSIA====
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,hi;q=0.8,mr;q=0.7
cookie: b=.909nnzf90qqjoe0a77wnqytm9; d=9RvJ5q7RVrx0D2osCDfJZ2w7jKOoWNYgJuu2GDbkM4B%2FFl5Iy%2BoyHpEK3uoqfIpInRMf5JC5TK4GGpYrE0FynkOHASGL9JYp7j29rNSwu75imdHmjCgcXP88TOSg%2F3YtRemMn0%2BTXMwh8N8qT%2BpnkSndoBWwuxdHg4eWih6s%2BzumO7rIwsPfDw%3D%3D; shown_download_ssb_modal=1; _gcl_au=1.1.28666085.1615820963; show_download_ssb_banner=1; no_download_ssb_banner=1; utm=%7B%22utm_source%22%3A%22in-prod%22%2C%22utm_medium%22%3A%22inprod-apps_link-slack_menu-cl%22%7D; _lc2_fpi=e00b11ac9c9b--01f0wrd8vfa53ewfk6v5grpkf6; _ga=GA1.2.386784357.1615872828; optimizelyEndUserId=oeu1615872901920r0.4286579377831994; __adroll_fpc=2656b729a6a12f64fbf3133a9ca10f83-1615872919473; _fbp=fb.1.1615872920764.1565325093; __qca=P0-697155624-1615872919521; __ar_v4=%7C4UHU5P4P3FESHLUMNBLWAU%3A20210315%3A2%7CQCM34G7NBZEHHATIFDIUBJ%3A20210315%3A2%7CK2HN2U4VSJGOVKC2WJLQNH%3A20210315%3A2; visitor_id755253=607684186; visitor_id755253-hash=b4e1d22c933b6bd09c9078e51acaa3f464ceb23f3f541be9fc1f31d49814d394df949e6c528cab2b672c074a0e1349bf6c0888f0; d-s=1617160917; x=909nnzf90qqjoe0a77wnqytm9.1617160917; _li_dcdm_c=.slack.com; _gid=GA1.2.1832623754.1617160920; _uetsid=489c1b8091d011eb95378d600b12db31; _uetvid=2ea702c0861911eb9c7bb1bb36f1cc68; OptanonConsent=isIABGlobal=false&datestamp=Wed+Mar+31+2021+09%3A06%3A49+GMT%2B0530+(India+Standard+Time)&version=6.12.0&hosts=&consentId=f92db249-b491-40a1-bb7c-d915a828647b&interactionCount=1&landingPath=NotLandingPage&groups=C0004%3A1%2CC0002%3A1%2CC0003%3A1%2CC0001%3A1&AwaitingReconsent=false&geolocation=IN%3BMH; OptanonAlertBoxClosed=2021-03-31T03:36:49.837Z
referer: https://cea3308fad4a.ngrok.io/
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36

Query string param:
scope: bot,users:read,users:read.email,team:read
client_id: 4427499992.264434423440
redirect_uri: https://cea3308fad4a.ngrok.io/rest/myapp/latest/labs/slack-service/authorize
state: RVSGPDAQSIZ2G4AHVSIA====

Then Slack redirects the user back to my site. The request/response looks like this:

General
Request URL: https://cea3308fad4a.ngrok.io/rest/myapp/latest/labs/slack-service/authorize?code=4427499992.1920792097588.5196a0b374f07d716716eb1809e62c8bd60e0297475131fedcdb629cc8c17820&state=RFUHV3IYQZO2K4IWVSIA%3D%3D%3D%3D
Request Method: GET
Status Code: 303 
Remote Address: 3.14.182.203:443
Referrer Policy: no-referrer

Response headers:
HTTP/1.1 303
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Location: https://shivdev.atlassian.net/plugins/servlet/ac/company.people/app-settings
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Length: 0
Date: Wed, 31 Mar 2021 03:29:20 GMT

Request headers:
GET /rest/myapp/latest/labs/slack-service/authorize?code=4427499992.1920792097588.5196a0b374f07d716716eb1809e62c8bd60e0297475131fedcdb629cc8c17820&state=RFUHV3IYQZO2K4IWVSIA%3D%3D%3D%3D HTTP/1.1
Host: cea3308fad4a.ngrok.io
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,hi;q=0.8,mr;q=0.7
code=4427499992.1920792097588.5196a0b374f07d716716eb1809e62c8bd60e0297475131fedcdb629cc8c17820&state=RFUHV3IYQZO2K4IWVSIA%3D%3D%3D%3D

My question is: how can I set the cookie during the Slack redirect (Slack is a different site), the way I showed in the first request/response, so that I can identify the currently logged-in user?
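The two Set-Cookie headers quoted above differ in one security-relevant way: the app's JSESSIONID carries no SameSite attribute, while Slack's cookie says SameSite=None; Secure. The following added example (not code from the question or from Slack) parses both headers and applies the Chrome 80+ SameSite rules (missing SameSite is treated as Lax, SameSite=None is only accepted with Secure) to the three request contexts that appear in the question; the `cross_site` flag is an assumption supplied by the caller, because Sec-Fetch-Site only compares the initiator with the target and does not see the top-level frame.

```python
# Added example: model Chrome's SameSite cookie handling for the headers quoted
# in the question. Assumes Chrome 80+ semantics (no SameSite -> Lax by default;
# SameSite=None requires Secure). Not part of the original post.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cookie:
    name: str
    same_site: str          # "Strict", "Lax" or "None"
    secure: bool
    http_only: bool
    domain: Optional[str]   # None means a host-only cookie

def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value, rejecting what a modern browser rejects."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.lower()] = value
    same_site = attrs.get("samesite", "Lax").capitalize()   # missing -> Lax
    if same_site not in ("Strict", "Lax", "None"):
        same_site = "Lax"                                    # unknown value -> unspecified
    secure = "secure" in attrs
    if same_site == "None" and not secure:
        raise ValueError(f"{name}: SameSite=None without Secure is dropped by the browser")
    return Cookie(name, same_site, secure, "httponly" in attrs, attrs.get("domain"))

def would_send(cookie: Cookie, cross_site: bool, top_level_navigation: bool, method: str) -> bool:
    """Would the browser attach this cookie? `cross_site` describes the cookie's
    site-for-cookies context, which (unlike Sec-Fetch-Site) includes the top-level frame."""
    if not cross_site or cookie.same_site == "None":
        return True
    if cookie.same_site == "Lax":
        # Lax cookies ride along only on top-level GET/HEAD navigations, such as the
        # redirect from slack.com back to the redirect_uri; never on embedded requests.
        return top_level_navigation and method in ("GET", "HEAD")
    return False   # Strict: never sent in a cross-site context

# Header values copied from the question (constructed test input)
APP_COOKIE = "JSESSIONID=33DB4EE9F98AB90C31D508E5668DC3E3; Path=/; Secure; HttpOnly"
SLACK_COOKIE = ("x=909nnzf90qqjoe0a77wnqytm9.1617160917; expires=Wed, 31-Mar-2021 04:02:34 GMT; "
                "Max-Age=900; path=/; domain=.slack.com; secure; SameSite=None")

if __name__ == "__main__":
    jsid = parse_set_cookie(APP_COOKIE)
    print(jsid.same_site)                                                              # Lax
    print(would_send(jsid, cross_site=True, top_level_navigation=True, method="GET"))  # True
    print(would_send(jsid, cross_site=True, top_level_navigation=False, method="GET")) # False
```

If the app page is itself embedded cross-site (for example in an iframe), the last case applies to every request it makes, and only a cookie set with SameSite=None; Secure will be stored and sent there.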

Tags: google-chrome, redirect, http-headers, slack

Solution
