Reputation: 369
Browser ignoring Set-Cookie
I have frontend running at https://fe-qa.mydomain.com and backend at https://qa.mydomain.com.
In the Chrome Dev Tools under Network, I can see that when frontend calls https://qa.mydomain.com/foo/bar2, the response includes the following header:
set-cookie:
MY-COOKIE-NAME=mycookievalue; Max-Age=604800; Expires=Thu, 06 Feb 2025 08:00:49 GMT; Path=/foo; Secure; HTTPOnly; SameSite=None
I can't see the cookie in Chrome Dev Tools under Application > Cookies. It is also not getting sent in subsequent calls to https://qa.mydomain.com/foo/bar2.
When I call https://qa.mydomain.com/foo/bar1 from Postman, it picks up the cookie and uses it in subsequent calls to https://qa.mydomain.com/foo/bar2.
What is the reason for this?
Upvotes: 0
Views: 33
Answers (1)
Reputation: 26
Solution:
Ensure the frontend is configured to include credentials (cookies) in the request.
Example for fetch:
fetch('https://backend-api.com/endpoint', {
credentials: 'include'
});
Example for Axios:
axios.get('https://backend-api.com/endpoint', {
withCredentials: true
});
also ensure this header is set
Set Access-Control-Allow-Credentials: true
in the backend response.
Upvotes: 1
Related Questions
- How do I set/unset a cookie with jQuery?
- Set Cookie Recived from Server.com to Client.com application cookie
- Chrome does not return IdentityServer authentication cookie
- Set cookies for cross origin requests
- Does Axios support Set-Cookie? Is it possible to authenticate through Axios HTTP request?
- How to append HttpOnly flag in the existing Set-Cookie response header with Angular UI and .net framework WebApi
- Magento Frontend Cookie is being duplicated