With node js backend, client (react) does not receive cookies, I added headers withCredentials: true
to the requests, I tried app.set("trust proxy",1)
on the backend, but it still does not send cookies to the client, my node js server is heroku and if client is netlify
sample request
axios(`${client}api/auth/login`, {
method: "POST",
mode: "cors",
redirect: "follow",
header: {
"accept ": "application/json",
withCredentials: true,
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": true,
},
index.js (server side)
app.use(cookieParser());
app.set("trust proxy", true);
app.use(helmet());
app.use(helmet.frameguard({ action: "deny" }));
app.use(
cors({
origin: "*",
credentials: true,
methods: "GET,POST,PUT,DELETE",
optionsSuccessStatus: 200,
})
);
app.use(express.urlencoded({ extended: true }));
app.use(express.json());
app.use((req, res, next) => {
res.header("Set-Cookie", "HttpOnly;Secure;SameSite=None");
next();
});
app.use(
session({
secret: config.sessionSecret,
cookie: {
maxAge: 1000 * 60 * 60 * 24 * 7,
httpOnly: true,
},
resave: true,
saveUninitialized: false,
cookie: {
sameSite: process.env.NODE_ENV === "production" ? "none" : "lax",
secure: process.env.NODE_ENV === "production",
},
CodePudding user response:
You have to set ExpressJS headers.
app.use(function (req, res, next) {
res.header("Access-Control-Allow-Origin", "http://localhost:3000"); // update to match the domain you will make the request from
res.header(
"Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept"
);
res.header("Access-Control-Allow-Credentials", "true");
next();
});