Backend Development
Python Tutorial
How to Redirect with Cookies and Headers Between Domains in HTTP?
How to Redirect with Cookies and Headers Between Domains in HTTP?
Redirecting from One Domain to Another and Setting Cookies or Headers for the Other Domain
The Challenge
Redirection from one domain to another with custom headers or cookies set in the response is not possible due to HTTP protocol limitations. A redirection essentially consists of a header (Location) associated with the response, and it does not allow for any headers to be added to the target location.
Setting cookies for a different domain is also not allowed as it would pose a significant security risk. Browsers store cookies sent by the server with a response using the Set-Cookie header, and later send them back to the server for requests made to the same server within the same domain. Cookies are not sent to a different domain.
Solution 1: Redirect with Query Parameter and Cookie Setting on Target Domain
One approach is to have the source domain redirect the user to the target domain with an access token passed as a query parameter. The target domain can then read the token and set its own cookie, which the browser will store and send for subsequent requests.
Source Domain (appA.py)
<code class="python">from fastapi import FastAPI, Response
from fastapi.responses import RedirectResponse, HTMLResponse
app = FastAPI()
@app.get('/', response_class=HTMLResponse)
def home():
return '''
<!DOCTYPE html>
<html>
<body>
<h2>Click the "submit" button to be redirected to domain B</h2>
<form method="POST" action="/submit">
<input type="submit" value="Submit">
</form>
</body>
</html>
'''
@app.post('/submit')
def submit():
token = 'MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3'
redirect_url = f'http://example.test:8001/submit?token={token}'
response = RedirectResponse(redirect_url)
response.set_cookie(key='access-token', value=token, httponly=True)
return response</code>Target Domain (appB.py)
<code class="python">from fastapi import FastAPI, Request, status
from fastapi.responses import RedirectResponse, HTMLResponse
app = FastAPI()
@app.get('/', response_class=HTMLResponse)
def home():
token = request.cookies.get('access-token')
print(token)
return 'You have been successfully redirected to domain B!' \
f' Your access token ends with: {token[-4:]}'
@app.post('/submit')
def submit(request: Request, token: str):
redirect_url = request.url_for('home')
response = RedirectResponse(redirect_url, status_code=status.HTTP_303_SEE_OTHER)
response.set_cookie(key='access-token', value=token, httponly=True)
return response</code>Solution 2: Cross-Origin Communication with Window.postMessage()
Another approach involves using Window.postMessage() for cross-origin communication. The source domain sends the token to the target domain, which stores it in localStorage and sets a cookie. Disadvantages include browser compatibility and the storage of sensitive data in localStorage.
Solution 3: StackExchange Universal Login Approach
A more robust solution is used by StackExchange for auto-login between its different sites. It involves sending an authentication token via an image's src attribute, which triggers a server response and sets cookies on the target site.
This requires browser acceptance of third-party cookies and CORS configuration on the target server. It also sends the token in the query string, posing potential security risks.
Source Domain (appA.py)
<code class="python">from fastapi import FastAPI, Response
from fastapi.responses import HTMLResponse
app = FastAPI()
@app.get('/', response_class=HTMLResponse)
def home():
return '''
<!DOCTYPE html>
<html>
<body>
<h2>Click the "submit" button to be redirected to domain B</h2>
<input type="button" value="Submit" onclick="submit()">
<script>
function submit() {
fetch('/submit', {
method: 'POST',
})
.then(res => {
authHeader = res.headers.get('Authorization');
if (authHeader.startsWith("Bearer "))
token = authHeader.substring(7, authHeader.length);
return res.text();
})
.then(data => {
var url = 'http://example.test:8001/submit?token=' + encodeURIComponent(token);
var img = document.createElement('img');
img.style = 'display:none';
img.crossOrigin = 'use-credentials';
img.onerror = function(){
window.location.href = 'http://example.test:8001/';
}
img.src = url;
})
.catch(error => {
console.error(error);
});
}
</script>
</body>
</html>
'''
@app.post('/submit')
def submit():
token = 'MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3'
headers = {'Authorization': f'Bearer {token}'}
response = Response('success', headers=headers)
response.set_cookie(key='access-token', value=token, httponly=True)
return response</code>Target Domain (appB.py)
<code class="python">from fastapi import FastAPI, Request, Response
from fastapi.responses import RedirectResponse
from fastapi.middleware.cors import CORSMiddleware
app = FastAPI()
origins = ['http://localhost:8000', 'http://127.0.0.1:8000',
'https://localhost:8000', 'https://127.0.0.1:8000']
app.add_middleware(
CORSMiddleware,
allow_origins=origins,
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
@app.get('/')
def home(request: Request):
token = request.cookies.get('access-token')
print(token)
return 'You have been successfully redirected to domain B!' \
f' Your access token ends with: {token[-4:]}'
@app.get('/submit')
def submit(request: Request, token: str):
response = Response('success')
response.set_cookie(key='access-token', value=token, samesite='none', secure=True, httponly=True)
return response</code>Security Considerations
When transferring tokens or setting cookies between domains, it is crucial to consider security implications. Avoid sending sensitive data in the query string as it can be intercepted or compromised. Use HTTPS connections for secure data transfer. Set the SameSite flag to 'None' with the Secure flag for cross-site access protection.
The above is the detailed content of How to Redirect with Cookies and Headers Between Domains in HTTP?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1664
14
1423
52
1317
25
1268
29
1246
24
Python vs. C : Applications and Use Cases Compared
Apr 12, 2025 am 12:01 AM
Python is suitable for data science, web development and automation tasks, while C is suitable for system programming, game development and embedded systems. Python is known for its simplicity and powerful ecosystem, while C is known for its high performance and underlying control capabilities.
Python: Games, GUIs, and More
Apr 13, 2025 am 12:14 AM
Python excels in gaming and GUI development. 1) Game development uses Pygame, providing drawing, audio and other functions, which are suitable for creating 2D games. 2) GUI development can choose Tkinter or PyQt. Tkinter is simple and easy to use, PyQt has rich functions and is suitable for professional development.
Python vs. C : Learning Curves and Ease of Use
Apr 19, 2025 am 12:20 AM
Python is easier to learn and use, while C is more powerful but complex. 1. Python syntax is concise and suitable for beginners. Dynamic typing and automatic memory management make it easy to use, but may cause runtime errors. 2.C provides low-level control and advanced features, suitable for high-performance applications, but has a high learning threshold and requires manual memory and type safety management.
The 2-Hour Python Plan: A Realistic Approach
Apr 11, 2025 am 12:04 AM
You can learn basic programming concepts and skills of Python within 2 hours. 1. Learn variables and data types, 2. Master control flow (conditional statements and loops), 3. Understand the definition and use of functions, 4. Quickly get started with Python programming through simple examples and code snippets.
Python and Time: Making the Most of Your Study Time
Apr 14, 2025 am 12:02 AM
To maximize the efficiency of learning Python in a limited time, you can use Python's datetime, time, and schedule modules. 1. The datetime module is used to record and plan learning time. 2. The time module helps to set study and rest time. 3. The schedule module automatically arranges weekly learning tasks.
Python vs. C : Exploring Performance and Efficiency
Apr 18, 2025 am 12:20 AM
Python is better than C in development efficiency, but C is higher in execution performance. 1. Python's concise syntax and rich libraries improve development efficiency. 2.C's compilation-type characteristics and hardware control improve execution performance. When making a choice, you need to weigh the development speed and execution efficiency based on project needs.
Python: Automation, Scripting, and Task Management
Apr 16, 2025 am 12:14 AM
Python excels in automation, scripting, and task management. 1) Automation: File backup is realized through standard libraries such as os and shutil. 2) Script writing: Use the psutil library to monitor system resources. 3) Task management: Use the schedule library to schedule tasks. Python's ease of use and rich library support makes it the preferred tool in these areas.
Python: Exploring Its Primary Applications
Apr 10, 2025 am 09:41 AM
Python is widely used in the fields of web development, data science, machine learning, automation and scripting. 1) In web development, Django and Flask frameworks simplify the development process. 2) In the fields of data science and machine learning, NumPy, Pandas, Scikit-learn and TensorFlow libraries provide strong support. 3) In terms of automation and scripting, Python is suitable for tasks such as automated testing and system management.
