honzza dvorak
Reputation: 36
React.js + Express on Node.js: What is the correct cookie setting for cross-site requests?
I just want to share cookie setup for cross site requests (FE hosted on Firebase, BE hosted on Heroku) that I wasn't able to find anywhere, just a piece of info there and a piece of info somewhere else.
The setup is as follows:
React.js (Firebase) - fetch requests to the backend Node.js + Express (Heroku). Using cookie-session and cors. Please see the answer below. Hope it helps save your time.
Upvotes: 0
Views: 244
Answers (1)
honzza dvorak
Reputation: 36
This is what has worked for me:
const cookieSession = require("cookie-session");
const cookieParser = require("cookie-parser");
const cors = require("cors");
// Set session cookies
app.set("trust proxy", 1);
app.use(
cookieSession({
name: "session",
keys: [process.env.COOKIE_KEY],
maxAge: 86400000,
sameSite: "none",
secure: process.env.NODE_ENV === "production",
})
);
app.use(cookieParser());
// Set up cors
app.use(
cors({
origin: process.env.CLIENT_PATH,
methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
credentials: true,
})
);
Fetch request from React:
fetch(url,
{
method: "GET",
credentials: "include",
headers: {
Accept: "application/json",
"Content-Type": "application/json",
"Access-Control-Allow-Credentials": true,
},
}
);
Upvotes: 1
Related Questions
- React/Express set-cookie not working across different subdomains
- Session cookie not sending with XHR requests
- Why is cookie not set with express?
- Cookies not being sent despite credentials: "include"
- express.js and react.js cookie saved to browser but not working?
- Express/React with CORS - Setting HTTP-Only Secure Cookie for React SPA
- React Cookies in Server Side Rendering (Node/Express)
- set cookie cross origin
- Correct way to set server side cookies for sessions
- Node.js cors req.headers.cookie?