axios is not sending header/cookie data, even with withCredentials set to true

Question

I am not using an express server, I'm just running my app in Node.

In this process, I am sending a request to a URL, in order to retrieve cookies and headers needed to make the request that follows afterward.

However, the second request is failing because it's not being sent the headers/cookies from the previous response.

Here is my entire code:

const client = axios.create({
  withCredentials: true,
  proxy: {
    host: "192.168.0.137",
    port: 9393,
  }, //Fiddler proxy
});
client
  .post("https://auth.riotgames.com/api/v1/authorization", {
    acr_values: "urn:riot:bronze",
    claims: "",
    client_id: "riot-client",
    nonce: 1,
    redirect_uri: "http://localhost/redirect",
    response_type: "token id_token",
    scope: "openid link ban lol_region",
  })
  .then(() => {
    client
      .put("https://auth.riotgames.com/api/v1/authorization", {
        type: "auth",
        username: "testuser1",
        password: "testpassword1",
        remember: false,
        language: "en_GB",
        region: "EUW1",
      })
      .then((response) => {
        console.log(response);
      })
      .catch((err) => {
        console.log(err.response);
      });
  });

As you can see, I am using a fiddler proxy in order to see what headers are being sent.

So these are the headers I receive from the first response:

HTTP/1.1 200 OK
Date: Fri, 16 Oct 2020 10:20:19 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 31
Connection: close
Set-Cookie: __cfduid=db46ba3cac5fd35ddf03f3b3819d24fac1602843619; expires=Sun, 15-Nov-20 10:20:19 GMT; path=/; domain=.riotgames.com; HttpOnly; SameSite=Lax
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
etag: W/"1f-+CND8IPJ6eMbm0SU/bb85j/SB6c"
expires: 0
pragma: no-cache
surrogate-control: no-store
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
CF-Cache-Status: DYNAMIC
cf-request-id: 05d285c8d90000003971b81000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-RiotGames-CDN: Cloudflare
Set-Cookie: did=9c1d9dff853c4ec59c6e0608d5f17c6d; Max-Age=31536000; Path=/; Expires=Sat, 16 Oct 2021 10:20:19 GMT
Set-Cookie: asid=_9gHl9TckOeZTpDI_Rpj19q3xIjPsTYqLc0R2k5GFBk.g%2BDgPnqvXbA%3D; Path=/; HttpOnly; Secure
Set-Cookie: clid=ec1; Path=/; HttpOnly; Secure
Set-Cookie: __cf_bm=65c675be473c63ab14bd318503ee53867d03155e-1602843619-1800-AQofj7huRNdHZaAWwN+WiQwSFv+jAuget1G0wVUTD5MQbqBkuACkj3nb7+E8kfAR/IImwtA1+gEqhjCL7C/3bGc=; path=/; expires=Fri, 16-Oct-20 10:50:19 GMT; domain=.riotgames.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 5e310bee2f090039-MAN

And then in the second request, I take a look at the headers, and none of these are being sent at all:

PUT /api/v1/authorization HTTP/1.1
Accept: application/json, text/plain, */*
Content-Type: application/json;charset=utf-8
User-Agent: axios/0.20.0
Content-Length: 117
host: auth.riotgames.com
Connection: close

I'm very confused about this. Why aren't the cookies being stored? I've set withCredentials to true, so it should work?

Answer 1

Okay, so I solved this by taking a manual approach to it. Instead of relying on Axios to store and send cookies, I simply retrieved the "set-cookie" headers and set the cookies manually in my next request:

const cookies = response.headers["set-cookie"];
client
  .put(
    "https://auth.riotgames.com/api/v1/authorization",
    {
      type: "auth",
      username: "testuser1",
      password: "testpassword1",
      remember: false,
      language: "en_GB",
      region: "EUW1",
    },
    {
      headers: {
        Cookie: cookies,
      },
    }
  )