Closed walshe closed 7 years ago
Actually, I just noticed that after using xhr's 'withCredentials:true', the set-cookie instruction is now in the REST response; however, it's still not showing up in the Chrome dev tools cookie pane .. :(
```
cache-control:no-cache
Connection:keep-alive
content-encoding:gzip
content-type:application/json; charset=utf-8
Date:Thu, 10 Aug 2017 17:17:57 GMT
set-cookie:anothercookie=avaluesetbyaRESTendpoint; SameSite=Strict
strict-transport-security:max-age=15768000
Transfer-Encoding:chunked
vary:accept-encoding
x-content-type-options:nosniff
x-download-options:noopen
x-frame-options:DENY
x-xss-protection:1; mode=block
```
finally figured it out - these two changes are necessary
add withCredentials to jsonfetch xhr config
```js
const jsonFetch = function (options, callback) {

    const cookies = Cookie.parse(document.cookie);
    const config = {
        url: options.url,
        method: options.method,
        withCredentials: true,
        headers: {
            'Accept': 'application/json',
            'Content-Type': 'application/json'
        }
    };
    // ... rest of jsonFetch unchanged (not shown in this comment)
};
```
and when creating a cookie, add a path
```js
server.state('mycookiename', {
    ttl: 1000 * 60 * 60 * 24, // one day, in milliseconds
    path: '/'
});
```
Should we close this?
dunno man, something is not working right for me.. here is my auth. (After I validate with Google I put the JWT in a cookie in another component; that all works fine, and the following works well too.)
```js
server.auth.strategy('session', 'cookie', {
    password: Config.get('/cookieSecret'),
    cookie: Config.get('/cookieName'),
    isSecure: false, // cookie is also sent over plain HTTP
    redirectTo: '/',
    appendNext: 'returnUrl',
    validateFunc: function (request, data, callback) {

        // we simply validate the jwt token that we put in a cookie
        jwtVerificationService.verifyJWT(data, function (err) {

            if (err) {
                callback(err, false);
            }
            else {
                callback(null, true);
            }
        });
    }
});

next();
```
But when I delete the cookie manually so that I can test the authentication on the REST endpoint, although the REST call returns 401, it does not call that callback as mentioned above.. it just does the dispatch and doesn't come back
Are you talking about https://github.com/jedireza/aqua/issues/238 or this issue?
sorry, I meant 238 yes
Ok I'm going to close this issue.
hi again, maybe you know the answer to this..
I am trying to store a cookie, e.g. 'xxx', on the client from a REST endpoint in the app, e.g. api/bla, so that I can grab request.state.xxx inside my other routes.
I notice that when I set the cookie from a REST endpoint it is not visible in the browser, and does not get passed to regular browser routes when I hit browser paths, e.g. localhost:8080/users
However, I notice that the cookie IS available in other RESTful routes, e.g. api/foo
Is there some way of telling the xhr library to store the cookie in the browser? I tried the 'withCredentials' config but it didn't work
hope you can help thanks
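
The symptom in the question above (cookie reaches api/foo but not /users) and the `path: '/'` fix in the earlier comment both follow from the cookie path rules in RFC 6265: a `Set-Cookie` header without a `Path` attribute, like the one in the response headers shown, is scoped to the directory of the URL that set it. The sketch below is an added example, not code from the thread or from the aqua project; the function names and the sample routes are constructed for illustration, and request paths are assumed to exclude the query string.

```javascript
// Added example: RFC 6265 default-path and path-match rules (section 5.1.4)
// and the Path attribute fallback (section 5.2.4). Names are illustrative.

// Path a browser assigns to a cookie whose Set-Cookie has no usable Path.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== '/') return '/';
  const lastSlash = requestPath.lastIndexOf('/');
  // Only one "/" (e.g. "/users") means the default path is "/".
  return lastSlash === 0 ? '/' : requestPath.slice(0, lastSlash);
}

// True when a cookie scoped to cookiePath is attached to a request for requestPath.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix match counts only at a "/" boundary: "/api" must not match "/apix".
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Effective scope of a cookie set by the response to setByPath.
function cookieScope(setByPath, pathAttribute) {
  const usable = typeof pathAttribute === 'string' && pathAttribute[0] === '/';
  return usable ? pathAttribute : defaultPath(setByPath);
}

// Would the browser send the cookie along with a request for requestPath?
function isSent(setByPath, pathAttribute, requestPath) {
  return pathMatches(requestPath, cookieScope(setByPath, pathAttribute));
}

// Constructed sample: the cookie is set by /api/bla, first without Path
// (as in the response headers in the thread), then with Path=/.
for (const attr of [undefined, '/']) {
  for (const route of ['/api/foo', '/users', '/']) {
    const verdict = isSent('/api/bla', attr, route) ? 'sent' : 'not sent';
    console.log(`Path=${attr || '(none)'}  ${route}  ->  ${verdict}`);
  }
}
```
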