Node.js cors req.headers.cookie?

Question

I have a node.js server that handles some stuff, it sits on port :9000, I built an authentication middleware to restrict some routes.

I am not able to get the cookie though, so I suspect it is because the req is coming from another place :3000 for example.

I am not trying to get the cookie express sets, I am trying to get a client side PHP cookie from the req

// using var req = http.IncomingMessage.prototype;
req.authenticated = function(callback) {
    console.log(this.headers.cookie)
}

So the question is how can I setup so that whenever :3000 makes a request to my node.js server :9000 the cookie is sent with the headers?

Answer 1

You have a number of options:

• You can put both servers behind a reverse proxy (such as nginx) and map different URLs from the same authority to different backends.

• You could configure Apache (or whatever server your main site is hosted on) to forward some URLs to your Node server using mod_proxy (instructions)

• You could host your Node server on a subdomain of the main server, and use the same port, then use domain-wildcard cookies

• You could send the auth token explicitly as an HTTP header set by your client code (you'll need to send the raw auth token to the client accessible via JS; beware of XSS attacks)

• You could have the main site send a signed request to a URL on the Node.js server to set an auth cookie on its authority (you'll need to do the same on logout, and to prevent CSRF, session fixing, and other attacks; learn about SSO techniques)