search

nuxt / nuxt

The Intuitive Vue Framework.
https://nuxt.com
MIT License
54.53k stars 4.99k forks source link

when async the withCredentials is flase #4846

Closed ajavaer closed 5 years ago

ajavaer commented 5 years ago

Version

v2.0.0

Reproduction link

https://github.com/nuxt/nuxt.js/issues/new

Steps to reproduce

.

What is expected ?

when async send axios data the withCredentials is flase bug in client it is true

What is actually happening?

when async send axios data the withCredentials is flase bug in client it is true

Additional comments?

when async send axios data the withCredentials is flase bug in client it is true

This bug report is available on Nuxt community (#c8539)
manniL commented 5 years ago

@ajavaer Please provide more details and add a reproduction.

PJLindsay commented 5 years ago

I think I am having an issue with this too. I have project using server session cookie (not jwt) on nuxt with an external API server. My Auth completely stopped working (it's completely broken) after I upgraded nuxt. It is not passing (edit: server session cookie) to the server any more. I am not near my computer now but i will check later to see what version was working. I believe it broke when I upgraded

PJLindsay commented 5 years ago

This is my config...

I believe this was working in nuxt v2.3.1 (maybe - see '17-Nov-2018' note for more detail) and now it is not working. I'm not 100% certain of what version of nuxt I was using when it was working, because I have a lot of nuxt projects, and I was in the middle of upgrading some from nuxt 1.x to nuxt 2.x -- when I go back through my git history for this project, it was set to nuxt-latest....

This is a bit speculative on my part about a possible bug with withCredentials, but I do know my Cookie Login flow used to work on this project and now it is completely broken.

I've tried rolling back to 2.3.1 (deleted node_modules & package-lock) and reset my package.json to point to nuxt 2.3.1, but the nuxt builder version shows as 2.4.3 -- not sure how to roll the nuxt builder back to 2.3.1 -- it is also possible that I was running 1.44 (or earlier)... I made this project on 17-Nov-2018 with

vue init nuxt-community/pwa-template

so I'm not sure what nuxt: "latest" version it would have used (I'm not smart enough with npm or vue init to know what version of nuxt that was on 17-Nov-2018 - but I'm guessing 2.3.1 or 1.4.4??)

I have 2 external APIs - one of them is an accounts server, the other is my api server (with backend business logic)... all of this was working, and it's broken somewhere along my upgrade path.... it's a bit speculative that this a version upgrade broke it, but... seeking assistance to get my project running again.

To be very specific on my issue (which makes me think its a withCredentials problem) -- everything works except for the implicit call to /user (immediately after this.$auth.loginWith() succeeds on the POST to /login...)

what I am seeing is the /user endpoint is being hit (on my api server), but the session cookies (session and signature) from the POST to /login are not being passed to the API server... so it doesn't get past the route guard/security into the API controller. This was working before, but now is broken.

Sorry if this is confusing, but I've spent ~ 30 hours of rolling back various things and tinkering, and I'm a little burnt out.

here's my nuxt config

    strategies: {
      local: {
        endpoints: {
          login: { url: '/login', method: 'post' },
          logout: { url: '/logout', method: 'post' },
          user: { url: '/user', method: 'get' }
        }
      },
      tokenRequired: false,
      tokenType: false
    }
...

  axios: {
    credentials: true, 
    proxy: true,
  },

  proxy: {
    '/api': { target: 'http://localhost:3000/api/v1', pathRewrite: {'^/api/': ''} },
    '/accounts': { target: 'https://accounts.mydomain.com/api/check-access/....' },
  }
PJLindsay commented 5 years ago

@manniL if you want me to open a new issue with better detail, please let me know. I'd love to help to resolve this, and would definitely like to help to "tidy up" @nuxtjs/auth Documentation wrt Cookie Login flow (I find that the documentation is not explicit enough on what differences are needed for Cookie Login flow vs JWT login flow). I believe the only thing I need to be different is tokenRequired: false and tokenType: false for Cookie Login Flow...

PJLindsay commented 5 years ago

ok - so I rolled back to nuxt v1.4.4 (and made some small nuxt config changes for the build) and BOOM! my project is running again. I seriously think there's some sort of issue with Cookie Login flow on nuxt 2.x

PJLindsay commented 5 years ago

is this issue reported in the wrong repo? perhaps it should be put in "auth-module" repo? https://github.com/nuxt-community/auth-module/issues @manniL let me know and I can make a new issue over there if you prefer (then we can close this) - I do know that without changing any code, withCredentials works in nuxt 1.4.4 but not in at least 3 versions of nuxt 2.x

manniL commented 5 years ago

You are right! I think it would fit better in the repo of the auth module.

Don't forget that there are huge internal changes between 1.x and 2.x