supertokens / supertokens-web-js

SuperTokens SDK for vanilla JS for all recipes

Cookie not included in requests to server, 401 response #87

Closed notflip closed 1 year ago

notflip commented 1 year ago

I've set up an example following the documentation; however, when I try to hit a protected route I get a 401 error. I've tried both axios and the native fetch in VueJS.

Protected Route in NodeJS

app.get("/check", verifySession(), (req: SessionRequest, res: Response) => {
    if (req.session) {
        res.end('Authorized!');
    }
    else {
        res.end('Is not Authorized');
    }
});

Session is active in my frontend (vue)

SuperTokens.init({
  appInfo: {
    appName: "SuperTokens Vue ThirdPartyEmailPassword Example",
    apiDomain: "http://127.0.0.1:3001",
  },
  recipeList: [
    // EmailVerification.init(),
    EmailPassword.init(),
    Session.init()
  ],
});

These are the sent request headers (seen in Chrome inspector)

GET /check HTTP/1.1
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en
Connection: keep-alive
Host: localhost:3001
Origin: http://127.0.0.1:5173
Referer: http://127.0.0.1:5173/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Sec-GPC: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="112", "Brave";v="112", "Not:A-Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"

Edit: if I log a message in the Session recipe init, I get the following message

====== Session does not exist. Are you sending the session tokens in the request with the appropriate token transfer method?

Using

Session.init({
    errorHandlers: {
        onUnauthorised: async (message, request, response) => {
            console.log('======', message)
        }
    },
}),

rishabhpoddar commented 1 year ago

When you query the API, what domain are you using? Are you using http://127.0.0.1:3001?

When you sign in, the set-cookie headers are sent in the response. Do you see an orange triangle at the end of the set-cookie header value? If yes, what message is shown when you hover on it?

notflip commented 1 year ago

@rishabhpoddar Thanks for getting back. I don't see a triangle with information in the inspector.


notflip commented 1 year ago

@rishabhpoddar My bad, I had localhost mixed up in my axios request. Closing this.
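
Added example, not part of the original thread and not SuperTokens code: a small Node.js diagnostic that applies the resolution above to the request headers posted in the issue. Browsers scope cookies to the host that set them, so a session cookie set by `127.0.0.1` is never attached to a request sent to `localhost`. The helper names `parseHeaders` and `diagnoseSessionRequest` are hypothetical, and the sample request is constructed from the headers in the first post.

```javascript
// Constructed sample: the relevant request headers from the issue's first post.
const capturedRequest = [
  "GET /check HTTP/1.1",
  "Host: localhost:3001",
  "Origin: http://127.0.0.1:5173",
  "Sec-Fetch-Site: cross-site",
].join("\r\n");

// Parse a raw HTTP/1.1 request head into a map of lower-cased header names.
function parseHeaders(raw) {
  const headers = {};
  for (const line of raw.split(/\r?\n/).slice(1)) {
    const idx = line.indexOf(":");
    if (idx > 0) {
      headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
    }
  }
  return headers;
}

// Hypothetical helper: compare a captured request against the apiDomain passed
// to SuperTokens.init and report why the backend would see no session.
function diagnoseSessionRequest(apiDomain, rawRequest) {
  const headers = parseHeaders(rawRequest);
  const apiHost = new URL(apiDomain).hostname;
  const host = headers["host"];
  // Cookie scope ignores the port, so only hostnames are compared.
  const reqHost = host ? new URL("http://" + host).hostname : "";
  const findings = [];
  if (reqHost.toLowerCase() !== apiHost.toLowerCase()) {
    findings.push({
      code: "host-mismatch",
      detail: `request went to "${reqHost}" but apiDomain host is "${apiHost}"; ` +
        "cookies set by one host are not sent to the other",
    });
  }
  // Session tokens travel either as cookies or in an Authorization header.
  if (!("cookie" in headers) && !("authorization" in headers)) {
    findings.push({
      code: "no-session-token",
      detail: "neither a Cookie nor an Authorization header is present",
    });
  }
  return findings;
}

// Run against the constructed sample when executed directly.
console.log(diagnoseSessionRequest("http://127.0.0.1:3001", capturedRequest));
```

An empty result means the request targets the configured API host and carries session tokens, so a remaining 401 has a different cause.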