我们正在构建一个 dotnetcore 2.0 Web 应用程序,该应用程序通过 http 从遗留系统接收 cookie 并在响应中设置 cookie。
当我调试应用程序时,我可以看到cookie.value
未进行 url 编码,但在调用append 后,set-cookie 标头会进行 url 编码。这是有问题的,因为旧版 cookie 需要未编码,因为旧版应用程序会按原样读取它们。
public static void AddCookie(this IResponseCookies cookies, Cookie cookie)
{
cookies.Append(cookie.Name, cookie.Value, new CookieOptions
{
Domain = cookie.Domain,
Expires = cookie.Expires == DateTime.MinValue ? null : (DateTimeOffset?) cookie.Expires,
HttpOnly = cookie.HttpOnly,
Path = cookie.Path,
Secure = cookie.Secure
});
}
有没有办法防止它们被编码?一面旗帜或某处的设置?
我尝试编写 owin 中间件,但 set-cookie 标头始终为空。
public class CookieDecode
{
private readonly RequestDelegate _next;
public CookieDecode(RequestDelegate next)
{
_next = next;
}
public async Task Invoke(HttpContext context)
{
var x = context.Response.Headers;
var y = x["set-cookie"];
//y is always empty
await _next.Invoke(context);
}
}
Ideas?
不,没有办法避免 URL 编码。然而,这是什么Append https://github.com/aspnet/HttpAbstractions/blob/6657f4cf36b1790b365f1c80e58c1eed39f8d11b/src/Microsoft.AspNetCore.Http/Internal/ResponseCookies.cs#L50是在做。您可以尝试像他们一样手动设置标题吗?
public void Append(string key, string value, CookieOptions options)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
var setCookieHeaderValue = new SetCookieHeaderValue(
Uri.EscapeDataString(key),
Uri.EscapeDataString(value))
{
Domain = options.Domain,
Path = options.Path,
Expires = options.Expires,
MaxAge = options.MaxAge,
Secure = options.Secure,
SameSite = (Net.Http.Headers.SameSiteMode)options.SameSite,
HttpOnly = options.HttpOnly
};
var cookieValue = setCookieHeaderValue.ToString();
Headers[HeaderNames.SetCookie] = StringValues.Concat(Headers[HeaderNames.SetCookie], cookieValue);
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)