ory kratos csrf cookie 未在 nginx ssl 后面发送

我确实设法解决了这个问题，它在生产中没有标志的情况下工作正常，即使在重新启动服务和更改所有内容后也不会搞砸。--dev也许它甚至是我的反应形式，我使用defaultValue作为csrf令牌输入现在，每当 window.location url 更改或csrf_token更改时，它都应该使用最新的值作为csrf_tokenconst [csrf, setCsrf] = React.useState('');useEffect(() => {  if (flowResponse !== null) {    const csrfVal = flowResponse?.ui?.nodes?.find?.(n => n.attributes.name === 'csrf_token')?.attributes.value;    setCsrf(csrfVal);  }}, [flowResponse, csrf]);<input type='hidden' name='csrf_token' value={csrf} readOnly required />最糟糕的是，它也可能是一个尾部斜杠或如此小的东西，我不确定究竟是什么原因造成的。在这里，所有人都发布了所有适合我的配置：可能是我以前尝试过这个kratos网址 http://127.0.0.1:4433 或 http://kratos:4433，但它不起作用（即使我在这3个之间切换哈哈）init kratos clientconf := kratos.NewConfiguration()conf.Servers[0].URL = "https://example.com/kratos/"kratosClient := kratos.NewAPIClient(conf)kratos.ymlversion: v0.6.2-alpha.1dsn: postgres://test:test@postgresd:5432/test?sslmode=disable&max_conns=20&max_idle_conns=4serve:  public:    base_url: https://example.com/kratos/    cors:      enabled: true      debug: true      allow_credentials: true      options_passthrough: true      max_age: 0      allowed_origins:        - https://example.com      allowed_methods:        - POST        - GET        - PUT        - PATCH        - DELETE        - OPTIONS      allowed_headers:        - Authorization        - Cookie        - Origin        - X-Session-Token      exposed_headers:        - Content-Type        - Set-Cookie  admin:    base_url: http://127.0.0.1:4434/selfservice:  default_browser_return_url: https://example.com  whitelisted_return_urls:    - https://example.com    - https://example.com/dashboard    - https://example.com/auth/login  methods:    password:      enabled: true    oidc:      enabled: false    link:      enabled: true    profile:      enabled: true  flows:    error:      ui_url: https://example.com/error    settings:      ui_url: https://example.com/dashboard/profile      privileged_session_max_age: 15m    recovery:      enabled: true      ui_url: https://example.com/auth/recovery      after:        default_browser_return_url: https://example.com/auth/login    verification:      enabled: true      ui_url: https://example.com/auth/verification      after:        default_browser_return_url: https://example.com    logout:      after:        default_browser_return_url: https://example.com    login:      ui_url: https://example.com/auth/login      lifespan: 10m    registration:      lifespan: 10m      ui_url: https://example.com/auth/registration      after:        password:          hooks:            - hook: session          default_browser_return_url: https://example.com/auth/login        default_browser_return_url: https://example.com/auth/login        oidc:          hooks:            - hook: sessionsecrets:  cookie:    - veRy_S3cRet_tHinGsession:  lifespan: 24h  cookie:    domain: example.com    same_site: Lax    path: /           // <- i didn't have path before, not sure if it changes anything but it works (before csrf cookie had path /kratos and now when it works it has path /, same as session_cookie)hashers:  argon2:    parallelism: 1    memory: 128MB    iterations: 1    salt_length: 16    key_length: 16identity:  default_schema_url: file:///etc/config/kratos/identity.schema.jsoncourier:  smtp:    connection_uri: smtp://user:pwd@smtp.mailtrap.io:2525    from_name: example    from_address: office@example.cpmwatch-courier: truelog:  level: debug  format: text  leak_sensitive_values: truenginx.confserver {    server_name example.com www.example.com;    location / {       root /var/www/public;       try_files $uri $uri/ /index.html;    }    location /api/ {      proxy_pass http://127.0.0.1:3001; // backend api url      proxy_http_version 1.1;      proxy_set_header Host $host;      proxy_set_header X-Real-IP $remote_addr;      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;      proxy_set_header X-Forwarded-Port $server_port;      proxy_set_header x-forwarded-proto $scheme;      proxy_set_header Upgrade $http_upgrade;      proxy_set_header Connection 'upgrade';      proxy_cache_bypass $http_upgrade;    }    location /kratos/ {      proxy_pass http://127.0.0.1:4433/;  // kratos public url      proxy_http_version 1.1;      proxy_set_header Host $host;      proxy_set_header X-Real-IP $remote_addr;      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;      proxy_set_header X-Forwarded-Port $server_port;      proxy_set_header x-forwarded-proto $scheme;      proxy_set_header Upgrade $http_upgrade;      proxy_set_header Connection 'upgrade';      proxy_cache_bypass $http_upgrade;    }           listen [::]:443 ssl ipv6only=on; # managed by Certbot    listen 443 ssl; # managed by Certbot    certs...}server {    if ($host = www.example.com) {        return 301 https://$host$request_uri;    } # managed by Certbot    if ($host = example.com) {        return 301 https://$host$request_uri;    } # managed by Certbot   listen 80 default_server;   listen [::]:80 default_server;   server_name example.com www.example.com;   return 404; # managed by Certbot}

ory kratos csrf cookie 未在 nginx ssl 后面发送

2回答