expressjs / cookie-parser

Parse HTTP request cookies
MIT License

Cookies not setting in production #98

Closed adamkb33 closed 6 months ago

adamkb33 commented 1 year ago

Hi, I am using your cookie-parser library in my NestJS project. I am mainly using your library for authentication.

I am trying to set a cookie called "jwt" when the user has completed the authentication process. This is what the code looks like:

    response.cookie('jwt', accessToken, {
      maxAge: 15 * 60 * 1000,
      httpOnly: true,
      secure: env === 'production' ? true : false,
    });

This works as expected on localhost, but when I deploy the code it does not set the cookie. Also, no errors or warnings are fired. I have messed around a lot with the options, but I could not set the cookie.

This is not an issue with your package; I am just looking for guidance on how to handle this since you have worked with this. I have searched everywhere for why cookies are not setting, but there is no concrete answer. Most of the answers are suggestions on modifying the options.

Sorry if this is a stupid question, but I have had trouble with this for 2 weeks now. If this is not an appropriate question, just let me know and I will take it down.

Thanks!

dougwilson commented 1 year ago

It is probably not an issue with this package, as this package has no functionality to set cookies at all. It just reads the incoming Cookie header and places them into req.cookies. All of the API is documented in the README here. Are you getting a Cookie header from the client?

adamkb33 commented 1 year ago

Thanks for answering even if this has nothing to do with the package... I have just struggled to understand how setting cookies and getting cookies works.

I am getting the cookie to the client, but it is not setting the cookie. My first approach was to set the cookie manually on the client, but I was wondering if there was an easier way since it works on localhost. But I have read that this type of approach works only on the same site, i.e. between subdomains. Can you confirm this?

dougwilson commented 1 year ago

I totally understand, cookies can be complex with various security segments in the web browsers. I have to admit, my front end knowledge is rusty, especially with all the changes the web browsers keep making. I'm not sure how to answer your question, I am sorry.

joewagner commented 1 year ago

@adamkb33 If you are using two different domains for production, i.e. one for your API and one to serve your HTML+CSS+JS, then those two domains are not going to have access to the same cookies without setting up CORS. Even then, browsers don't always behave the same, so things can be tricky. Here is a good SO question+answer that might help you find a solution: https://stackoverflow.com/questions/46288437/set-cookies-for-cross-origin-requests FWIW, IMO the simplest and most likely to be secure option is setting up a reverse proxy so everything lives under the same domain.

AtilMohAmine commented 9 months ago

Based on the information provided, it appears that you've correctly identified the potential need for adjusting the SameSite attribute to 'None' in your cookie options to facilitate cross-site requests. This adjustment is crucial for enabling proper functionality, particularly in production environments.

    response.cookie('jwt', accessToken, {
      maxAge: 15 * 60 * 1000,
      httpOnly: true,
      secure: env === 'production' ? true : false,
      sameSite: 'None'
    });

To delve deeper into this topic, please refer to the MDN documentation.
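Added example (not code from this thread, from Express or from cookie-parser): it builds the Set-Cookie header that the options above would produce, lists the reasons a browser silently drops or withholds a cookie on a cross-site request (SameSite=None without Secure, Secure over plain HTTP, the Lax default), and parses an incoming Cookie header the way cookie-parser exposes it as req.cookies. The function names and the sample token value are assumptions for this example; Express also emits an Expires attribute, which is omitted here.

```javascript
// Express emits Max-Age in seconds (plus Expires, omitted here) and defaults Path to "/".
// Option names match res.cookie(); this helper is an assumption for the example.
function buildSetCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${Math.floor(opts.maxAge / 1000)}`);
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  return parts.join('; ');
}

// Why a browser would discard or withhold the cookie when the API and the
// front end live on different sites. No error is raised; the cookie is just absent.
function checkCrossSiteCookie(opts, { https }) {
  const problems = [];
  const mode = String(opts.sameSite || 'Lax').toLowerCase();
  if (mode === 'none' && !opts.secure) {
    problems.push('SameSite=None requires Secure');
  }
  if (opts.secure && !https) {
    problems.push('Secure cookie delivered over plain HTTP is discarded');
  }
  if (mode !== 'none') {
    problems.push(`SameSite=${opts.sameSite || 'Lax (browser default)'} is not sent on cross-site fetch/XHR`);
  }
  return problems;
}

// What cookie-parser does with the incoming Cookie header (unsigned cookies only;
// the first occurrence of a name wins, as in the cookie module it uses).
function parseCookieHeader(header) {
  const cookies = {};
  for (const pair of (header || '').split(';')) {
    const idx = pair.indexOf('=');
    if (idx < 0) continue;
    const key = pair.slice(0, idx).trim();
    if (key && !(key in cookies)) cookies[key] = decodeURIComponent(pair.slice(idx + 1).trim());
  }
  return cookies;
}

// Constructed sample: the thread's options with the attribute pair a cross-site cookie needs.
const opts = { maxAge: 15 * 60 * 1000, httpOnly: true, secure: true, sameSite: 'None' };
console.log(buildSetCookie('jwt', 'header.payload.sig', opts));
console.log(checkCrossSiteCookie(opts, { https: true })); // []
console.log(parseCookieHeader('jwt=header.payload.sig; theme=dark'));
```

Running checkCrossSiteCookie with `secure: false` or over plain HTTP reproduces the "no error, no cookie" behaviour reported at the top of the thread.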

UlisesGascon commented 6 months ago

I will close this issue, but feel free to reopen it if needed :+1: