

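Cross-domain access - cookies

Writing cookies across domains

A cookie can be written across domains by passing it in URL parameters. For example, the domain www.a.com needs to write the cookie token=abcd for the domain www.b.com.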



Listing: implementing the redirect, URL: https://www.a.com/token?from=https://www.b.com/set_cookie

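import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/token")
public class TokenGeneratorServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Generate the token
        String token = "abcd";

        String cookieName = "token";
        String cookieVal = token;

        // Write the cookie for this domain
        //Cookie cookie = new Cookie(cookieName, cookieVal);
        //cookie.setPath("/");
        //response.addCookie(cookie);

        // The domain the request originally came from.
        // This value is taken from the request unchanged, so the caller chooses the redirect target.
        String from = request.getParameter("from");

        // Redirect to the target domain, passing the cookie name and value as query parameters
        response.sendRedirect(from + "?cname=" + cookieName + "&cval=" + cookieVal);
    }

}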

Listing: writing the cookie, URL: https://www.b.com/set_cookie

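import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/set_cookie")
public class SetCookieServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request,
                         HttpServletResponse response) throws ServletException, IOException {

        // The cookie to write; the caller passes it in the request parameters,
        // and both values are used exactly as received
        String cookieName = request.getParameter("cname");  // cookie key
        String cookieVal = request.getParameter("cval");  // cookie value

        // Create the cookie
        Cookie cookie = new Cookie(cookieName, cookieVal);
        cookie.setPath("/");
        response.addCookie(cookie);
    }

}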

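Drawback: this can only write a cookie to one domain.

Reading cookies across domains

Cookies of another domain can be read through a JavaScript script tag.

Suppose the page cookie_reader.jsp needs to read the value of the cookie token from www.b.com. The site at www.b.com exposes an API at the URL https://www.b.com/read_cookies. This API reads all cookie key-value pairs of that domain and returns them in the following form.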

var cookie_key1=cookie_value1; var cookie_key2=cookie_value2

Listing: cookie_reader.jsp reads the cookie value token and shows it in an alert

<%@ page language="java" contentType="text/html; charset=UTF-8"
         pageEncoding="UTF-8" %>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
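    <title>Reading cookie information from another domain</title>

    <!--
        The script tag runs the cookie-reading method implemented by the other domain.
        The response is JavaScript code made of variable definitions, one variable per cookie.
        Once that code has loaded, later JavaScript on this page can read the defined variables, i.e. the cookie values, directly.
     -->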
    <script type="text/javascript" src="https://www.b.com/read_cookies"></script>

</head>
<body>

<script type="text/javascript">
    alert(token);
</script>
</body>
</html>

Listing: the read_cookies API endpoint

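import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/read_cookies")
public class ReadCookiesServlet extends HttpServlet {

    protected void doGet(HttpServletRequest request,
                         HttpServletResponse response) throws ServletException, IOException {

        // Every cookie the browser sent for this domain
        Cookie[] cookies = request.getCookies();
        StringBuilder builder = new StringBuilder();

        // The response type must be set correctly, otherwise IE may download the response instead of parsing it as JavaScript
        response.setContentType("application/javascript");

        if (cookies != null) {
            PrintWriter writer = response.getWriter();
            for (Cookie cookie : cookies) {
                builder.setLength(0);
                // The result looks like: var token='test123';
                // The cookie name and value are written into the script as received
                builder.append("var ")
                        .append(cookie.getName())
                        .append("=")
                        .append("'")
                        .append(cookie.getValue())
                        .append("'")
                        .append(";");
                writer.write(builder.toString());
            }
        }
    }
}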
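
The read_cookies listing above returns every cookie of www.b.com to whichever page includes the script. The following is an added example, not code from the original article: a variant that emits only allowlisted cookies, only to allowlisted calling hosts, and escapes each value before placing it in the JavaScript string. The class name, the path /read_cookies_restricted, both allowlists and the helper methods are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.util.Set;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Added example, not the article's code. Path, class name and both allowlists are assumptions.
@WebServlet("/read_cookies_restricted")
public class RestrictedReadCookiesServlet extends HttpServlet {
    private static final Set<String> EXPOSED_COOKIES = Set.of("token");
    private static final Set<String> ALLOWED_CALLER_HOSTS = Set.of("www.a.com");

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // A plain <script src> load normally carries no Origin header, so the Referer host
        // is checked instead; a missing or unparseable Referer is refused.
        if (!ALLOWED_CALLER_HOSTS.contains(refererHost(request.getHeader("Referer")))) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        response.setContentType("application/javascript");
        response.setCharacterEncoding("UTF-8");
        response.setHeader("X-Content-Type-Options", "nosniff");
        response.setHeader("Cache-Control", "no-store");
        StringBuilder out = new StringBuilder();
        Cookie[] cookies = request.getCookies();
        for (Cookie c : cookies == null ? new Cookie[0] : cookies) {
            // Only allowlisted names are emitted, so the variable name is a known-safe identifier.
            if (EXPOSED_COOKIES.contains(c.getName())) {
                out.append("var ").append(c.getName()).append("='").append(jsEscape(c.getValue())).append("';");
            }
        }
        response.getWriter().write(out.toString());
    }
    static String refererHost(String referer) {
        try {
            URI u = URI.create(referer); // throws on null or malformed input
            return "https".equals(u.getScheme()) && u.getHost() != null ? u.getHost() : "";
        } catch (RuntimeException e) { return ""; }
    }
    // Writes every character other than ASCII letters and digits as a JavaScript hex escape.
    static String jsEscape(String s) {
        StringBuilder sb = new StringBuilder();
        for (char ch : s.toCharArray()) {
            sb.append(ch < 128 && Character.isLetterOrDigit(ch) ? String.valueOf(ch) : String.format("\\u%04x", (int) ch));
        }
        return sb.toString();
    }
}
```

A request whose Referer header was stripped by a referrer policy is refused, so the calling page has to send it.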


Last updated: 2017-06-30 15:02:12
