頁(yè)面嵌入iframe Cookie丟失問題以及解決過程

更新時(shí)間：2026年02月07日 10:00:50 作者：花開不識(shí)君

文章介紹了在頁(yè)面嵌入iframe時(shí)遇到的cookie丟失問題,提出了解決方案：后端將cookie以鏈接參數(shù)的形式傳遞給前端,前端在請(qǐng)求接口時(shí)將cookie放在請(qǐng)求頭中,后端通過攔截器解析并重新放置cookie

頁(yè)面嵌入iframe Cookie丟失問題

遇到的問題

自身頁(yè)面以iframe的形式嵌入三方頁(yè)面中，雙方域名不一致導(dǎo)致自身頁(yè)面的cookie被某些瀏覽器攔截?zé)o法正常被保存到客戶端

解決方案

后端將cookie以鏈接參數(shù)的形式帶給前端
前端在請(qǐng)求接口的時(shí)候?qū)ookie放在請(qǐng)求頭（這里無法直接在請(qǐng)求頭放置Cookie參數(shù)，需要使用一個(gè)新的參數(shù)來放置Cookie）
后端使用攔截器獲獲取請(qǐng)求頭中Cookie副本解析后重新放置到Cookie中

后端部分實(shí)現(xiàn)示例代碼

解析獲取Response中的Cookie

// 從Response Header 中的 Set-Cookie解析
for (String cookie : response.getHeaders("Set-Cookie")) {
    cookie = cookie.split(";")[0];
    String[] split = cookie.split("=", 2);
    cookieMap.put(split[0], split[1]);
}

后端攔截器設(shè)置設(shè)置Coookie

@Component
@Order(1)
public class HeaderCookieFilter implements Filter {

    private static final Logger log = LoggerFactory.getLogger(HeaderCookieFilter.class);
    private final String HEADER_COOKIE_KEY = "identityKey";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        try {
            HttpServletRequestWrapper customRequest = (HttpServletRequestWrapper)request;
            JSONObject cookieInfo = check(request);
            //如果校驗(yàn)通過
            if(cookieInfo!=null) {
                Cookie[] cookies = new Cookie[cookieInfo.size()];
                // 修改cookie
                Iterator<String> iterator = cookieInfo.keySet().iterator();
                for (int i = 0; i < cookieInfo.keySet().size(); i++) {
                    String key = iterator.next();
                    String value = cookieInfo.getString(key);
                    Cookie cookie = new Cookie(key, value);
                    cookies[i] = cookie;
                }
                request = new CustomRequest(customRequest, cookies);
            }
        }catch (Exception e){
            log.error("header transfor cookie error",e);
        }
        chain.doFilter(request,response);
    }

    @Override
    public void destroy() {
    }

    private JSONObject check(ServletRequest request) throws UnsupportedEncodingException {
        HttpServletRequestWrapper customRequest = (HttpServletRequestWrapper)request;
        // 不存在identityKey請(qǐng)求頭，直接跳過
        String allCookieStrEncode = customRequest.getHeader(HEADER_COOKIE_KEY);
        boolean hasHeaderCookie = StringUtils.isNotEmpty(allCookieStrEncode);
        if(!hasHeaderCookie){
            return null;
        }
        String cookieStr = URLDecoder.decode(allCookieStrEncode, CharEncoding.UTF_8);
        JSONObject cookieInfo = JSON.parseObject(cookieStr);
        return cookieInfo;
    }
    class CustomRequest extends HttpServletRequestWrapper {
        Cookie[] cookies;
        public CustomRequest(HttpServletRequest request, Cookie[] cookies) {
            super(request);
            this.cookies = cookies;
        }
        @Override
        public Cookie[] getCookies(){
            return cookies;
        }
    }
}