Cliente (react) not receiving cookies with node js backend-CodePudding

With node js backend, client (react) does not receive cookies, I added headers withCredentials: true to the requests, I tried app.set("trust proxy",1) on the backend, but it still does not send cookies to the client, my node js server is heroku and if client is netlify

sample request

 axios(`${client}api/auth/login`, {
      method: "POST",
      mode: "cors",
      redirect: "follow",
      header: {
        "accept ": "application/json",
        withCredentials: true,
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Credentials": true,
      },

index.js (server side)

app.use(cookieParser());
app.set("trust proxy", true);
app.use(helmet());
app.use(helmet.frameguard({ action: "deny" }));
app.use(
  cors({
    origin: "*",
    credentials: true,
    methods: "GET,POST,PUT,DELETE",
    optionsSuccessStatus: 200,
  })
);

app.use(express.urlencoded({ extended: true }));
app.use(express.json());
app.use((req, res, next) => {
  res.header("Set-Cookie", "HttpOnly;Secure;SameSite=None");
  next();
});

app.use(
  session({
    secret: config.sessionSecret,
    cookie: {
      maxAge: 1000 * 60 * 60 * 24 * 7,
      httpOnly: true,
    },
    resave: true,
    saveUninitialized: false,
    cookie: {
      sameSite: process.env.NODE_ENV === "production" ? "none" : "lax",
      secure: process.env.NODE_ENV === "production",
    },

CodePudding user response：

You have to set ExpressJS headers.

app.use(function (req, res, next) {
    res.header("Access-Control-Allow-Origin", "http://localhost:3000"); // update to match the domain you will make the request from
    res.header(
        "Access-Control-Allow-Headers",
        "Origin, X-Requested-With, Content-Type, Accept"
    );
    res.header("Access-Control-Allow-Credentials", "true");
    next();
});