I have a PHP Script which successfully returns some simple Headers as well as a set-cookie header if called directly in the browser (or by postman). I can read the response-headers like that from chrome devTools. But as soon as I call it by Axios, the set-cookie header doesn't show up and there's no cookie saved in the browser.

I tried diffrent things like changing the response-headers server-side and using "withCredentials: true" with axios, but nothing worked. I don't even get an error or any cors-related problems.

PHP:

header("Access-Control-Allow-Origin: http://localhost:8080");

header("Content-Type: application/json; charset=UTF-8");

header("Access-Control-Allow-Methods: POST, GET");

header("Access-Control-Allow-Credentials: true");

header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");

header("Access-Control-Max-Age: 99999999");

setcookie("TestCookie", "Testing", time() + 3600, "/", "localhost", 0);

die();

JS:

Vue.prototype.$http = ({

baseURL: XYZ,

withCredentials: true

})

So my first question is why does the header appear when calling the php script directly? And how can I archive to get the header through axios too?

解决方案

probably cookie is 'httpOnly', which means client side javascript can not read it.

Therefore it is not showing in chrome cookie section.

test the same request in mozilla, header will show up.