Reputation: 621
My problem is: browser doesn't save the cookie from the Set-Cookie
header.
I have the frontend (Angular2) that was deployed locally on my desktop. Backend on the staging server, so interaction is over the CORS.
What I'm getting in the request with the Set-Cookie
header:
HTTP/1.1 200 OK
Date: Tue, 08 Aug 2017 11:00:03 GMT
Server: .....
Access-Control-Allow-Origin: http://localhost:4200
Access-Control-Allow-Credentials: true
Content-Type: application/json
Content-Length: 39
Set-Cookie: session=.........; Path=/
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
I'm sending the following request after I'm getting the answer above:
GET /api/..... HTTP/1.1
Host: ...{some url}...
Connection: keep-alive
Origin: http://localhost:4200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Content-Type: application/json
Accept: application/json, text/plain, */*
withCredentials: true
Referer: http://localhost:4200/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,ru;q=0.6,uk;q=0.4
As you can see, there are no cookies there. Also, I can't see them in the external app (Chrome addon), in the JS console and in the web-console in the Application
section. So cookies are definitely not saved by the browser.
My question is: where is the problem? Is it something wrong with my headers/whatever else, or is it the backend issue with the headers? Where can the problem be?
About the duplicating answers - as you will be able to see, I tried the answers that I was able to found here in the other topics, but they didn't solve my problem.
Upvotes: 9
Views: 9212
Reputation: 777
I had this issue and used {with Credentials: true}
option in the login call. Which doesn't make sense to me, but without that it wouldn't write the cookie at all. I'm just posting this answer to empasize that it needs to be in the login call options.
Upvotes: 6
Reputation: 939
Can be put straight into http.method...
this.http.get(url, { withCredentials: true });
Upvotes: 3
Reputation: 621
Accidentally found the answer. Those of you who will get the same issue,
check that you're defining headers in the correct way.
The reason is the withCredentials
header and his defining within the Angular. To set it correctly you should do it in the following way:
let options = new RequestOptions();
options.withCredentials = true;
Everything should be fine with this syntax.
Upvotes: 7