zunkelty

Reputation: 317

Why is a Cross-Domain HttpOnly Cookie received by the browser but not saved?

Hi everybody,

after hours of googling and trying every approach I could find, I haven't found a solution to my problem.

I am trying to save a JWT token in an HttpOnly cookie, but although my server sends the cookie correctly, it doesn't get set in the browser.

I have CORS enabled on the server side. The cookie being sent is not Secure, has the Path '/' and has SameSite=none set. The domain is set to localhost because that's where my frontend is running, and HttpOnly=true.

The cookie is received correctly and is visible in Chrome as token=eyJ...hcP; Max-Age=31104000; Domain=localhost; Path=/; Expires=Thu, 05 Aug 2021 12:22:35 GMT; HttpOnly, SameSite=None

I'm guessing the problem is that the frontend is running on localhost:3000 and the backend on localhost:4000.

I would appreciate any help, thank you!

Upvotes: 2

Views: 1105

Answers (1)

Daniel

Reputation: 2531

> I'm guessing the problem is that the frontend is running on localhost:3000 and the backend on localhost:4000.

This is the answer. localhost:4000 and localhost:3000 are not the same domain with regard to cookies.

The most common solution is to use webpack-dev-server. This dev-server will be responsible for two things.

  1. Serve static files (your single page application).
  2. Proxy API requests to your API server.

So you will need to implement this as a part of your frontend development environment.

Upvotes: 1
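
Separately from the proxy setup, the Set-Cookie value quoted in the question can be checked on its own. The following is an added example, not part of the original question or answer: a small lint (the function name `lintSetCookie` is hypothetical) that flags attributes joined with "," instead of ";" and a SameSite=None cookie sent without Secure, which Chrome rejects.

```javascript
// Added example, not from the original thread. lintSetCookie is a
// hypothetical helper that reports why a browser may ignore or reject a cookie.
function lintSetCookie(header) {
  const findings = [];
  // Drop the name=value pair; the remaining ';'-separated parts are attributes.
  const [, ...rawAttrs] = header.split(';').map((s) => s.trim());
  const attrs = new Map();
  for (const raw of rawAttrs) {
    const eq = raw.indexOf('=');
    const name = (eq === -1 ? raw : raw.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : raw.slice(eq + 1).trim();
    // Expires legitimately has a comma in its value ("Thu, 05 Aug ...").
    // A comma in the attribute *name* means two attributes were joined with
    // ',' so the browser sees a single unknown attribute and ignores both.
    if (name.includes(',')) {
      findings.push(`malformed attribute "${raw}": separate attributes with ";"`);
      // Re-split so the intended attributes can still be checked below.
      for (const part of raw.split(',')) {
        const [n, v = ''] = part.trim().split('=');
        attrs.set(n.toLowerCase(), v);
      }
      continue;
    }
    attrs.set(name, value);
  }
  const sameSite = (attrs.get('samesite') || '').toLowerCase();
  if (sameSite === 'none' && !attrs.has('secure')) {
    findings.push('SameSite=None without Secure: Chrome rejects the cookie');
  }
  return findings;
}

// Header exactly as quoted in the question (token value elided there).
const QUESTION_HEADER =
  'token=eyJ...hcP; Max-Age=31104000; Domain=localhost; Path=/; ' +
  'Expires=Thu, 05 Aug 2021 12:22:35 GMT; HttpOnly, SameSite=None';
// Constructed header that passes both checks.
const FIXED_HEADER = 'token=eyJ...hcP; Path=/; HttpOnly; Secure; SameSite=None';

console.log(lintSetCookie(QUESTION_HEADER));
console.log(lintSetCookie(FIXED_HEADER));
```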
