
Comments (5)

joewagner avatar joewagner commented on April 28, 2024 1

@adamkb33 If you are using two different domains for production, i.e. one for your api and one to serve your html+css+js, then those two domains are not going to have access to the same cookies without setting up CORS. Even then browsers don't always behave the same so things can be tricky.
Here is a good SO question+answer that might help you find a solution: https://stackoverflow.com/questions/46288437/set-cookies-for-cross-origin-requests
FWIW IMO the simplest and most likely to be secure is setting up a reverse proxy so everything lives under the same domain.

from cookie-parser.

dougwilson avatar dougwilson commented on April 28, 2024

It is probably not an issue with this package, as this package has no functionality to set cookies at all. It just reads the incoming Cookie header and places them into req.cookies. All of the API is documented in the README here. Are you getting a Cookie header from the client?


adamkb33 avatar adamkb33 commented on April 28, 2024

Thanks for answering even if this has nothing to do with the package... I have just struggled to understand how setting cookies and getting cookies works.

I am getting the cookie to the client. But it is not setting the cookie. My first approach was to set the cookie manually in the client, but I was wondering if there was an easier way since it works on localhost. But I have read that this type of approach works only on the same site, i.e. between subdomains. Can you confirm this?


dougwilson avatar dougwilson commented on April 28, 2024

I totally understand, cookies can be complex with various security segments in the web browsers. I have to admit, my front end knowledge is rusty, especially with all the changes the web browsers keep making. I'm not sure how to answer your question, I am sorry.


AtilMohAmine avatar AtilMohAmine commented on April 28, 2024

Based on the information provided, it appears that you've correctly identified the potential need for adjusting the SameSite attribute to 'None' in your cookie options to facilitate cross-site requests. This adjustment is crucial for enabling proper functionality, particularly in production environments.

response.cookie('jwt', accessToken, {
  maxAge: 15 * 60 * 1000,        // Express takes milliseconds: 15 minutes
  httpOnly: true,                // not readable from document.cookie
  secure: env === 'production',  // browsers require Secure together with SameSite=None
  sameSite: 'None'               // allow the cookie to be sent on cross-site requests
});

To delve deeper into this topic, please refer to the MDN documentation.

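The thread boils down to three pieces that have to line up before a browser will send a cookie to an API on a different origin: the Set-Cookie attributes (SameSite=None only works together with Secure), the CORS response headers for a credentialed request (an explicit origin plus Access-Control-Allow-Credentials: true, never a wildcard), and the client's request being credentialed so the Cookie header is sent at all. The code below is an added example, not code from the thread or from the cookie-parser project; the helper names (buildSetCookie, corsHeadersForOrigin, parseCookieHeader, demo), the ALLOWED_ORIGINS allow-list and the token value are this example's own constructed assumptions. parseCookieHeader is a simplified re-implementation of what cookie-parser does with the incoming Cookie header, not its actual code.

```javascript
// Added example (not cookie-parser's API): the pieces that must agree for a
// cross-site cookie to round-trip between a browser and an API origin.

// Origins allowed to make credentialed requests (constructed for the example).
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// 1. Server -> browser: build a Set-Cookie header value. Browsers drop a
//    SameSite=None cookie that is not also Secure, so that combination is
//    refused here instead of emitting a cookie that silently disappears.
//    Note Set-Cookie's Max-Age is in seconds, unlike Express's maxAge (ms).
function buildSetCookie(name, value, opts = {}) {
  const { maxAgeSeconds, httpOnly = true, secure = true, sameSite = 'Lax', path = '/' } = opts;
  if (!/^[\w!#$%&'*+.^`|~-]+$/.test(name)) throw new Error(`invalid cookie name: ${name}`);
  if (sameSite === 'None' && !secure) {
    throw new Error('SameSite=None requires Secure; browsers reject the cookie otherwise');
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (Number.isInteger(maxAgeSeconds)) parts.push(`Max-Age=${maxAgeSeconds}`);
  if (httpOnly) parts.push('HttpOnly');
  if (secure) parts.push('Secure');
  parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}

// 2. CORS response headers for a credentialed request. A wildcard origin is
//    not permitted with credentials, so the request's Origin is echoed back
//    only when it is on the allow-list; any other origin gets no CORS headers.
function corsHeadersForOrigin(origin, allowed = ALLOWED_ORIGINS) {
  if (!origin || !allowed.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// 3. Browser -> server: parse the incoming Cookie header into an object, which
//    is all cookie-parser does for req.cookies (simplified re-implementation:
//    first occurrence of a name wins, quoted values are unquoted, percent-
//    encoding is decoded when valid).
function parseCookieHeader(header) {
  const out = {};
  if (!header) return out;
  for (const pair of header.split(';')) {
    const idx = pair.indexOf('=');
    if (idx < 0) continue;
    const key = pair.slice(0, idx).trim();
    if (!key || Object.prototype.hasOwnProperty.call(out, key)) continue;
    let val = pair.slice(idx + 1).trim();
    if (val.length >= 2 && val.startsWith('"') && val.endsWith('"')) val = val.slice(1, -1);
    try { out[key] = decodeURIComponent(val); } catch { out[key] = val; }
  }
  return out;
}

// Walk through the exchange from the thread: the API issues a 15-minute
// cross-site cookie, the browser sends it back on a credentialed request
// (fetch(url, { credentials: 'include' }) on the client), the API parses it.
function demo() {
  const setCookie = buildSetCookie('jwt', 'eyJ.constructed.token', {
    maxAgeSeconds: 15 * 60, httpOnly: true, secure: true, sameSite: 'None',
  });
  const cors = corsHeadersForOrigin('https://app.example.com');
  const parsed = parseCookieHeader('jwt=eyJ.constructed.token; theme=dark');
  return { setCookie, cors, parsed };
}

console.log(demo());
```

Run it with `node cross-site-cookie.js`; the server side would send `setCookie` as a Set-Cookie header and spread `cors` into the response headers, and the client must use `credentials: 'include'` (or `withCredentials` for XHR) or the browser never attaches the cookie, which is the "Cookie header missing" symptom asked about above. If the API is served over plain http in development, the Secure requirement is why a SameSite=None cookie set there never appears in the browser's cookie jar.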
