jedireza / aqua

:bulb: A website and user system starter
https://jedireza.github.io/aqua/
MIT License

set cookie on client browser from rest endpoint ? #234

Closed walshe closed 7 years ago

walshe commented 7 years ago

Hi again, maybe you know the answer to this...

I am trying to store a cookie, e.g. 'xxx', on the client from a REST endpoint in the app, e.g. api/bla, so that I can grab request.state.xxx inside my other routes.

I notice that when I set the cookie from a REST endpoint it is not visible in the browser, and does not get passed to regular browser routes when I hit browser paths, e.g. localhost:8080/users.

However, I notice that the cookie IS available in other RESTful routes, e.g. api/foo.

Is there some way of telling the xhr library to store the cookie in the browser? I tried the 'withCredentials' config but it didn't work.

Hope you can help, thanks.

walshe commented 7 years ago

Actually I just noticed that after using xhr's 'withCredentials:true', the set-cookie instruction is now in the REST response; however it's still not showing up in the Chrome dev tools cookie pane... :(

cache-control:no-cache
Connection:keep-alive
content-encoding:gzip
content-type:application/json; charset=utf-8
Date:Thu, 10 Aug 2017 17:17:57 GMT
set-cookie:anothercookie=avaluesetbyaRESTendpoint; SameSite=Strict
strict-transport-security:max-age=15768000
Transfer-Encoding:chunked
vary:accept-encoding
x-content-type-options:nosniff
x-download-options:noopen
x-frame-options:DENY
x-xss-protection:1; mode=block

walshe commented 7 years ago

Finally figured it out - these two changes are necessary:

Add withCredentials to the jsonFetch xhr config:

    const Cookie = require('cookie');   // npm 'cookie' package, provides Cookie.parse used below

    const jsonFetch = function (options, callback) {

        const cookies = Cookie.parse(document.cookie);
        const config = {
            url: options.url,
            method: options.method,
            withCredentials: true,   // let the XHR send and accept cookies (required when the API is on another origin)
            headers: {
                'Accept': 'application/json',
                'Content-Type': 'application/json'
            }
        };

        // ... remainder of jsonFetch unchanged
    };

And when creating a cookie, add a path:

    server.state('mycookiename', {
        ttl: 1000 * 60 * 60 * 24,   // 24 hours, in milliseconds
        path: '/'                   // send the cookie on every path, not only the API path that set it
    });

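Why the path attribute is the part that matters here, as an added example that is not part of the thread or the aqua project: a Set-Cookie header with no Path attribute gets the RFC 6265 "default path" of the request that set it, so a cookie set by /api/bla is scoped to /api, which is why it shows up on /api/foo but never on /users. The code below implements the RFC 6265 default-path and path-match rules plus a minimal Set-Cookie parser and runs them over the header quoted above, with and without Path=/. The request paths /api/bla, /api/foo and /users are taken from the thread; the parser and function names are this example's own.

```javascript
'use strict';

// RFC 6265 section 5.1.4: default path for a cookie with no Path attribute.
// "/api/bla" -> "/api", "/users" -> "/", "/" -> "/".
function defaultPath(requestPath) {
    if (!requestPath || requestPath[0] !== '/') {
        return '/';
    }
    const lastSlash = requestPath.lastIndexOf('/');
    return lastSlash === 0 ? '/' : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does requestPath "path-match" cookiePath?
function pathMatches(requestPath, cookiePath) {
    if (requestPath === cookiePath) {
        return true;
    }
    if (!requestPath.startsWith(cookiePath)) {
        return false;
    }
    // Either the cookie path ends in "/" or the next char of the request path is "/".
    return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Minimal Set-Cookie parser: name/value plus the attributes relevant here.
function parseSetCookie(header) {
    const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
    const eq = parts[0].indexOf('=');
    const cookie = {
        name: parts[0].slice(0, eq).trim(),
        value: parts[0].slice(eq + 1).trim(),
        path: null,
        sameSite: null,
        httpOnly: false,
        secure: false
    };
    for (const attr of parts.slice(1)) {
        const [rawKey, ...rest] = attr.split('=');
        const key = rawKey.trim().toLowerCase();
        const val = rest.join('=').trim();
        if (key === 'path') cookie.path = val || null;
        else if (key === 'samesite') cookie.sameSite = val;
        else if (key === 'httponly') cookie.httpOnly = true;
        else if (key === 'secure') cookie.secure = true;
    }
    return cookie;
}

// Scope a Set-Cookie header received from a response to `setByPath` and report
// whether the browser would attach the cookie to a later same-origin request
// for `targetPath`.
function cookieSentTo(setCookieHeader, setByPath, targetPath) {
    const cookie = parseSetCookie(setCookieHeader);
    // A missing or non-absolute Path attribute falls back to the default path.
    const effectivePath = (cookie.path && cookie.path[0] === '/')
        ? cookie.path
        : defaultPath(setByPath);
    return { name: cookie.name, effectivePath, sent: pathMatches(targetPath, effectivePath) };
}

// Constructed sample input: the header quoted in the thread (no Path attribute)
// and the same cookie once path: '/' is configured on the server.
const FROM_THREAD = 'anothercookie=avaluesetbyaRESTendpoint; SameSite=Strict';
const WITH_PATH = 'anothercookie=avaluesetbyaRESTendpoint; SameSite=Strict; Path=/';

for (const target of ['/api/foo', '/users', '/']) {
    console.log(target, 'without Path:', cookieSentTo(FROM_THREAD, '/api/bla', target));
    console.log(target, 'with Path=/ :', cookieSentTo(WITH_PATH, '/api/bla', target));
}
```

Run with `node` and the first header resolves to an effective path of /api, sent to /api/foo but not to /users or /, while the Path=/ variant is sent to all three. The withCredentials flag is the other half of the fix: for a cross-origin XHR the browser neither sends cookies nor honours Set-Cookie unless the request is made with credentials and the server's CORS response allows them, so the two changes address two separate filters.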
jedireza commented 7 years ago

Should we close this?

walshe commented 7 years ago

Dunno man, something is not working right for me... here is my auth. (After I validate with Google I put the JWT in a cookie in another component; that all works fine, and the following works well too.)

    // hapi plugin register function; the `next()` at the end belongs to it
    exports.register = function (server, options, next) {

        server.auth.strategy('session', 'cookie', {
            password: Config.get('/cookieSecret'),
            cookie: Config.get('/cookieName'),
            isSecure: false,            // dev setting; should be true once the site is served over HTTPS
            redirectTo: '/',
            appendNext: 'returnUrl',
            validateFunc: function (request, data, callback) {

                // we simply validate the JWT token that we put in a cookie
                jwtVerificationService.verifyJWT(data, function (err) {

                    if (err) {
                        return callback(err, false);
                    }

                    callback(null, true);
                });
            }
        });

        next();
    };

But when I delete the cookie manually so that I can test the authentication on the REST endpoint, although the REST call returns 401, it does not call that callback as mentioned above... it just does the dispatch and doesn't come back.

jedireza commented 7 years ago

Are you talking about https://github.com/jedireza/aqua/issues/238 or this issue?

walshe commented 7 years ago

Sorry, I meant 238, yes.

jedireza commented 7 years ago

Ok I'm going to close this issue.