在Cors中发送原始Cookie不适用于VideoJS

问题描述：

我有以下子域:

stream.example.com
sub.example.com

stream.example.com
sub.example.com

两个域都具有SSL证书并且有效. 我正在使用具有 http_streaming 库的videoJS 7.6.6.

Both domains have SSL certificates and are valid. I am using videoJS 7.6.6 which has http_streaming library.

在sub.example.com上，有一个视频标签，用于将破折号清单设置为包含指向stream.example.com的链接的源.VideoJS在向stream.example.com链接发出请求时需要包含来自sub.example.com的laravel cookie，但这不是发生这种情况，并且当我从开发人员控制台下载HAR result时，我在请求中看到了空Cookie.

On sub.example.com , there is a video tag which sets a dash manifest as source containing links to stream.example.com.VideoJS needs to include laravel cookies from sub.example.com when making a request to stream.example.com links but this is not happening and when i download the HAR result from developer console i see empty cookies in the request.

我的VideoJS HTML

My VideoJS HTML

<video-js id="player" class="video-js vjs-big-play-centered">
            <source src="data:application/dash+xml;charset=utf-8;base64,......." type="application/dash+xml" crossorigin="use-credentials">
        </video-js>

维护清单有效，并且包含stream.example.com网址

The mainifest is valid and it contains stream.example.com urls

VideoJS

player = window.player = videojs('player', {
            html5: {
                hls: {
                    withCredentials: true
                }
            },
            controls : true,
            fluid: true,
            controlBar: {
                children: ['playToggle', 'volumePanel', 'currentTimeDisplay', 'timeDivider', 'durationDisplay', 'progressControl', 'liveDisplay', 'seekToLive', 'remainingTimeDisplay', 'customControlSpacer', 'playbackRateMenuButton', 'chaptersButton', 'descriptionsButton', 'subsCapsButton', 'audioTrackButton', 'settingMenuButton', 'qualitySelector','fullscreenToggle']
            },
            preload : 'auto',
            poster : '',
        });
        player.hotkeys({
            volumeStep: 0.1,
            seekStep: 5,
            alwaysCaptureHotkeys: true
        });

        var myplugin = window.myplugin = player.myplugin();
    }(window, window.videojs));

当我在浏览器选项卡中查看视频链接时，

stream.example.com具有以下标题.

stream.example.com has the following headers when i view a video link in a browser tab.

accept-ranges: bytes
access-control-allow-credentials: 1
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Authorization,Range
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-allow-origin: https://sub.example.com
access-control-max-age: 86400
cache-control: private, max-age=18350
content-length: 69688791
content-range: bytes 0-69688790/69688791
content-type: video/mp4

我下载了HAR请求，以了解videoJS如何发出请求

I downloaded the HAR request to see how videoJS is making the request

  {
    "startedDateTime": "2020-03-15T07:53:57.647Z",
    "time": 1.1023430000004737,
    "request": {
      "method": "GET",
      "url": "https://stream.example.com/s/......",
      "httpVersion": "",
      "headers": [
        {
          "name": "Referer",
          "value": "https://sub.example.com/"
        },
        {
          "name": "Sec-Fetch-Dest",
          "value": "empty"
        },
        {
          "name": "User-Agent",
          "value": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
        },
        {
          "name": "DNT",
          "value": "1"
        },
        {
          "name": "Range",
          "value": "bytes=741-2044"
        }
      ],
      "queryString": [
        {
          "name": "u",
          "value": "....."
        }
      ],
      "cookies": [], // <-- The cookies are EMPTY
      "headersSize": -1,
      "bodySize": 0
    },

编辑1

我已经通过在.env中添加以下内容在laravel*享cookie

I am already sharing cookies in laravel by adding the following in .env

SESSION_DOMAIN = .example.com

sub.example.com的cookie域显示.example.com，但stream.example.com

The cookie domain for sub.example.com show .example.com but no cookie for stream.example.com

编辑2

对stream.example.com的videojs选项请求的响应如下所示

The response to videojs options request for stream.example.com are shown below

HTTP/2 204 No Content
server: nginx
cache-control: no-cache, private
date: Sat, 21 Mar 2020 06:19:26 GMT
access-control-allow-origin: https://sub.example.com
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Authorization,Range
access-control-allow-credentials: 1
access-control-max-age: 86400
set-cookie: XSRF-TOKEN=eyJpdiI6ImM4czZNVFRRbWF1emFONXlVMjBGWkE9PSIsInZhbHVlIjoiazVDMUNIR2NqXC9QVUpJdjA3S2lHQ2pKdkJFeHpZdGVodHQ5XC9nZ3JHYVQyUk50V2cxdkQrZ1wvV3ZsOEpDVUhBSiIsIm1hYyI6IjUwYjk4ZjYyZDJmNjg1ZjU4YTg2MDE5ZGNkYmZlOTk5NWVmNTE5ZTRjY2Q1YzQ0ZDI3MzEyNWQ0YmExMzVjZGIifQ%3D%3D; expires=Sat, 21-Mar-2020 10:19:26 GMT; Max-Age=14400; path=/; domain=.example.com
set-cookie: laravel_session=eyJpdiI6IkZvZk9vK2J3YVVhQ2Q4VXpTZjZXN3c9PSIsInZhbHVlIjoiNHZId3orR3dQRDRiOXVFVitKR21NU21DbnVFXC9IcFMxaDFsUXRRUG9VQkFHZnNSdVpRSFBaaHJ5cXdGZDJObUgiLCJtYWMiOiI5ZjllY2IwZjFiNzkxYWMxNTI2ZTFiZWU5OTA4YjNjNzIxZWNkMTBiZjY0ZWQzNDBkMzg5MTEzYjM2MjQ4ODk1In0%3D; path=/; domain=.example.com
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

答

我假设您需要使Cookie对所有子域均有效， 共享" ，如如何在子域和域之间共享cookie 所述:

I assume you need to make the cookies valid for all subdomains, "share" them, as described how to share cookie between subdomain and domain:

如果您使用以下内容，则将在两个域上均可用:

if you use the following, it will be usable on both domains:

Set-Cookie: name=value; domain=example.com

尝试通过 OPTIONS请求来"url":"stream.example.com/s ......"，看看您是否获得了上述正确的响应cors标头?您可以通过Firefox开发者工具编辑并重新发送请求.

Try an OPTIONS request to "url": "stream.example.com/s......" and see if you get the correct response cors headers as above? You can edit and resend the request through Firefox Developer tools.

所有其他看起来不错.

设置跨源请求的Cookie

在Cors中发送原始Cookie不适用于VideoJS

相关推荐