jeudi 30 août 2018

Fail to receive Set-Cookie in response header

I'm developing an app which makes http request to a server and expects Set-Cookie in the header

Now when I send a HTTP POST request using proxy (like Charles and mitmproxy) to the endpoint I can get Set-Cookie in the response header correctly, but if I turn off the proxy and make request directly, then everything else is same, but the Set-Cookie is missing in the response header.

Request with proxy:

POST /_bm/_data HTTP/1.1
Host: www.wsy-test.com
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Type: text/plain;charset=UTF-8
Cookie: anonymousId=4DD95464BB44EF9BB078C84D1F7BB93E
Origin: https://www.wsy-test.com
Referer: https://www.wsy-test.com/landing/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

{"request_id":"username"}

Response with proxy:

HTTP/1.1 201 Created
Content-Length: 22
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type,Authorization
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: https://www.wsy-test.com
Allow: POST, OPTIONS
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: application/json
Date: Thu, 30 Aug 2018 05:55:12 GMT
Expires: Thu, 30 Aug 2018 05:55:12 GMT
Pragma: no-cache
Set-Cookie: _a=BGYUKVYTCT567VGHJD; expires=Fri, 30 Aug 2019 05:55:12 GMT; max-age=31536000; path=/; domain=.wsy-test.com

{
  "success": true
}

Request without proxy:

POST /_bm/_data HTTP/1.1
Host: www.wsy-test.com
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Type: text/plain;charset=UTF-8
Cookie: anonymousId=13456C21159F9E36D723EF992BF7999C
Origin: https://www.wsy-test.com
Referer: https://www.wsy-test.com/landing/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

{"request_id":"username"}

Response without proxy:

HTTP/1.1 201 Created
Content-Length: 22
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type,Authorization
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: https://www.wsy-test.com
Allow: POST, OPTIONS
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: application/json
Date: Thu, 30 Aug 2018 05:56:13 GMT
Expires: Thu, 30 Aug 2018 05:56:13 GMT
Pragma: no-cache

{
  "success": true
}

I don't have special configurations in Charles proxy. This issue confused me for a long time.




Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)