matthew-andrews / isomorphic-fetch

Isomorphic WHATWG Fetch API, for Node & Browserify
MIT License

Fail to save Set-cookies data to browser #75

Open darrenchiu opened 8 years ago

darrenchiu commented 8 years ago

I am using Chrome 48 and found that it is not able to save the set-cookies details into the browser and therefore I am not able to use isomorphic-fetch to do any cookies/ login related api request. I have been calling an api by code like this:

```js
fetch("/accounts/register/", {
  method: 'post',
  headers: {
    "X-CSRFToken": CSRF.getToken(),
    "Accept": 'application/json',
    "Content-Type": 'application/json'
  },
  body: JSON.stringify(payload)
}).then(response => {
  if (response.status == 302) {
    dispatch(receiveRegistration())
    return Promise.reject()
  } else {
    return response
  }
}).then(response =>
  response.json().then(json => ({json, response}))
).then(({ json, response }) => {
  if (!response.ok) {
    dispatch(failRegistration(json))
  } else {
    dispatch(receiveRegistration())
  }
})
```

Please kindly advise if I have been using isomorphic-fetch wrongly or this is actually caused by the underlying "fetch polyfill" library.

Thanks a lot.

qubaomingg commented 8 years ago

@darrenchiusw I came across the same scene. I debugged for a long time and it turned out it's the bug of isomorphic-fetch, which works well when I change to jquery.

qubaomingg commented 8 years ago

isomorphic-fetch only set the cookie of Response-Cookie, none of the Request-Cookie.

luckydrq commented 8 years ago

> isomorphic-fetch only set the cookie of Response-Cookie, none of the Request-Cookie.

@freestyle21 I'm still puzzled. According to what you said, isomorphic-fetch should save cookies set by server successfully. Related issue: https://github.com/koajs/koa/issues/689

qubaomingg commented 8 years ago

@luckydrq when we use isomorphic-fetch to send an HTTP GET Request, it cannot carry browser cookie to Request Header only if we set option `{credentials: 'same-origin'}`

Here is the document: https://github.com/github/fetch#sending-cookies

luckydrq commented 8 years ago

Yes, I've read that section. But what this issue addresses is how to save cookies to browser, it's about receiving not sending, am I right?

qubaomingg commented 8 years ago

@luckydrq yeah. About receiving not sending, it's also the scene I came across. I found if there is no `{credentials: 'same-origin'}`, isomorphic-fetch wouldn't send browser cookie in get request, and then browser wouldn't save cookies even if the response carried cookies.

Then I found jquery ajax sends cookies either receiving or sending, and when I add the credentials it works well. So I guess that's the key.

luckydrq commented 8 years ago

It's weird. In your case in https://github.com/koajs/koa/issues/689, the requests all belong to the same domain which is 9.xiaojukeji.com, I think `{credentials: 'same-origin'}` is not necessary. Did I miss something?

qubaomingg commented 8 years ago

Maybe isomorphic-fetch sets credentials to empty or some other value by default.

And the document has said:

`To automatically send cookies for the current domain, the credentials option must be provided`

https://github.com/github/fetch#sending-cookies

I think this is weird too.

luckydrq commented 8 years ago

Alright, I'll keep on studying this. If you find any detail please let me know. Thanks :D

skyFi commented 7 years ago

I have the same problem...

firemanxx commented 7 years ago

Same problem, anyone has a solution? That should be much appreciated.

grillermo commented 7 years ago

My call to fetch ended up like this: `fetch(url, {credentials: 'same-origin'})`. And it worked for me!

tiendq commented 7 years ago

My fetch request strangely returned 302 code then I found that it didn't include cookies so not authenticated properly on the server.

{ credentials: 'same-origin' } works.

vctt94 commented 6 years ago

Same problem, anyone with a solution? I'd appreciate it.

0t3dWCE commented 6 years ago

Have just solved. Just two f. days of brute force.

For me the secret was in the following:

  1. I called POST /api/auth and saw that cookies were successfully received.
  2. Then calling GET /api/users/ with credentials: 'include' got 401 unauth, because no cookies were sent with the request.

The KEY is to set credentials: 'include' for the first /api/auth call too.
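
The behaviour the thread converges on, as an added example that is not part of any comment above and is not isomorphic-fetch's code: a small model of the fetch `credentials` mode, which governs both whether cookies are sent and whether a response's `Set-Cookie` is stored. Assumptions: the `app.example` and `api.example` origins, the `sid` cookie and the toy server are constructed; CORS response headers and cookie attributes such as `SameSite` are not modeled, and the jar is keyed by origin as a simplification.

```javascript
// Decide whether a request in the given credentials mode carries credentials.
function credentialsApply(mode, requestUrl, pageOrigin) {
  if (mode === 'include') return true;
  if (mode === 'same-origin') {
    return new URL(requestUrl, pageOrigin).origin === new URL(pageOrigin).origin;
  }
  return false; // 'omit'
}

// Constructed toy server: POST /api/auth sets a session cookie,
// /api/users/ answers 401 unless that cookie comes back.
function server(method, path, cookieHeader) {
  if (method === 'POST' && path === '/api/auth') {
    return { status: 200, setCookie: 'sid=constructed-session-id' };
  }
  if (path === '/api/users/') {
    return { status: cookieHeader.includes('sid=') ? 200 : 401 };
  }
  return { status: 404 };
}

// Replay requests against one cookie jar and return the status codes.
function replay(pageOrigin, requests) {
  const jar = new Map(); // origin -> cookie string (simplified jar)
  return requests.map(({ method, url, credentials }) => {
    const target = new URL(url, pageOrigin);
    const withCreds = credentialsApply(credentials, target.href, pageOrigin);
    const cookieHeader = withCreds ? (jar.get(target.origin) || '') : '';
    const res = server(method, target.pathname, cookieHeader);
    // Without credentials the Set-Cookie header is ignored, so a login
    // that returns 200 still leaves the jar empty.
    if (withCreds && res.setCookie) jar.set(target.origin, res.setCookie);
    return res.status;
  });
}

const PAGE = 'https://app.example'; // constructed page origin
// Login sent without credentials, then an authenticated call: 200 then 401.
console.log(replay(PAGE, [
  { method: 'POST', url: '/api/auth', credentials: 'omit' },
  { method: 'GET', url: '/api/users/', credentials: 'include' },
]));
```

When the API lives on another origin, `'same-origin'` behaves like `'omit'` in this model, which is why the last comment needed `'include'` on the login call as well.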