
Commit d032f45

ExquisiteCore and claude committed
fix: add a Cookie Domain attribute to resolve third-party cookie blocking

Browsers (Chrome and others) block third-party cookies by default, so the cross-subdomain refresh_token could not be stored. By setting Domain=.exquisitecore.xyz the cookie becomes a same-site cookie that blog.exquisitecore.xyz and api.exquisitecore.xyz can share.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent: 2f7fac9; commit: d032f45

1 file changed: +3 -3 lines changed

backend/src/middleware/auth.rs

Lines changed: 3 additions & 3 deletions
@@ -160,9 +160,9 @@ pub fn build_refresh_cookie(token: &str) -> String {
160160
token, max_age
161161
)
162162
} else {
163-
// 生产环境:设置 Secure 和 SameSite=None(跨域需要)
163+
// 生产环境:设置 Domain 使 Cookie 在主域下共享,避免被浏览器当作第三方 Cookie 拦截
164164
format!(
165-
"refresh_token={}; HttpOnly; Secure; SameSite=None; Path=/api/auth; Max-Age={}",
165+
"refresh_token={}; HttpOnly; Secure; SameSite=None; Domain=.exquisitecore.xyz; Path=/api/auth; Max-Age={}",
166166
token, max_age
167167
)
168168
}
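Review bot: the production cookie at line 165 hard-codes `Domain=.exquisitecore.xyz` as a string literal, and the same literal is repeated in `build_clear_refresh_cookie`; move it to a single constant or configuration value, because a Domain attribute that does not domain-match the responding host makes the browser silently drop the Set-Cookie, so a deployment on any other host (staging, a domain rename) would break token refresh with no server-side error. Two further points for this hunk: adding Domain widens the cookie from host-only on api.exquisitecore.xyz to every current and future subdomain of exquisitecore.xyz, so the refresh token is now presented to any service hosted under that apex (`Path=/api/auth` is not a security boundary); and since blog.exquisitecore.xyz and api.exquisitecore.xyz share one registrable domain they are already same-site, so `SameSite=None` at line 165 should no longer be required and could be tightened to `Lax` (or `Strict`), removing the cross-site sending that `None` permits. The updated comment at line 163 should record that trade-off rather than only the benefit.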
@@ -176,7 +176,7 @@ pub fn build_clear_refresh_cookie() -> String {
176176
if is_dev {
177177
"refresh_token=; HttpOnly; SameSite=Lax; Path=/api/auth; Max-Age=0".to_string()
178178
} else {
179-
"refresh_token=; HttpOnly; Secure; SameSite=None; Path=/api/auth; Max-Age=0".to_string()
179+
"refresh_token=; HttpOnly; Secure; SameSite=None; Domain=.exquisitecore.xyz; Path=/api/auth; Max-Age=0".to_string()
180180
}
181181
}
182182
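Review bot: the clearing cookie at line 179 correctly mirrors the Domain and Path of the cookie set in `build_refresh_cookie` (a browser only removes a cookie when name, domain and path all match), but it will not remove refresh_token cookies issued before this change, which were host-only on api.exquisitecore.xyz with no Domain attribute; during the rollover the logout path should also emit the previous host-only clear string (line 179's old form with `Max-Age=0`) so stale tokens do not linger in clients. Deriving both the set and the clear string from one shared builder that takes the domain constant would keep the two from drifting apart again.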
