Set Cookie Cross Site #913

@fiwz

Hello

Thank you in advance for creating this package

I have an issue in my login feature: the session is not set in the frontend area.
The backend is hosted at (example) mybackend.com and the frontend is hosted at myfrontend.com.

Here I attach my express code:
```js
app.set('trust proxy', 1);

const sessionMiddleware = session({
  store: new RedisStore({
    client: redisClient
  }),
  secret: 'keyboard cat',
  saveUninitialized: true,
  resave: true,
  proxy: true,
  cookie: {
    secure: true,
    sameSite: 'none',
    httpOnly: false,
  }
});

app.use(function (req, res, next) {
  res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
  res.header('Access-Control-Allow-Headers', 'Accept, Origin, Content-Type, Authorization, X-Requested-With, Cookie, Set-Cookie');
  res.header('Access-Control-Allow-Credentials', 'true');
  res.header('set-cookie', 'mycookie=example; SameSite=None; Secure');

  next();
});

app.use(sessionMiddleware);
```

I use Apache servers and added this line, but it does not seem to have any effect:

```
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
```

Referenced issue: #769

Only the `mycookie` cookie is set.
Result:

[image: result]

Is there any way to solve the cross site issue?
Thank you
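
A diagnostic for the configuration in the post above, as an added example that is not part of the original post and not express-session's own code: it mirrors the documented behaviour that a `cookie.secure: true` session cookie is only issued when the request is seen as HTTPS, and that `proxy: true` makes that decision from `X-Forwarded-Proto`. The function names and sample requests are constructed for illustration.

```javascript
// Added example: mirrors the documented behaviour of express-session's
// `proxy` and `cookie.secure` options; not the library's source code.

// Does the session middleware treat this request as HTTPS?
function looksSecure(req, proxy) {
  if (req.socket && req.socket.encrypted) return true; // TLS terminated in Node
  if (proxy === false) return false;                   // ignore forwarded headers
  if (proxy !== true) return req.secure === true;      // defer to Express "trust proxy"
  const header = String(req.headers['x-forwarded-proto'] || '');
  return header.split(',')[0].trim().toLowerCase() === 'https'; // first value wins
}

// Would a session cookie be issued? Handles boolean cookie.secure only.
function sessionCookieDecision(req, opts) {
  const cookie = opts.cookie || {};
  if (cookie.secure !== true) {
    return { sent: true, reason: 'cookie.secure is off' };
  }
  if (looksSecure(req, opts.proxy)) {
    return { sent: true, reason: 'request seen as HTTPS' };
  }
  const proto = req.headers['x-forwarded-proto'];
  const reason = proto === undefined
    ? 'no X-Forwarded-Proto header reached Node'
    : `X-Forwarded-Proto was "${proto}", not https`;
  return { sent: false, reason };
}

// Session options taken from the post; requests below are constructed samples
// of what a reverse proxy might hand to Node over plain HTTP.
const opts = { proxy: true, cookie: { secure: true, sameSite: 'none' } };
const samples = {
  forwardedHttps: { socket: {}, headers: { 'x-forwarded-proto': 'https' } },
  forwardedHttp: { socket: {}, headers: { 'x-forwarded-proto': 'http' } },
  headerMissing: { socket: {}, headers: {} },
  proxyChain: { socket: {}, headers: { 'x-forwarded-proto': 'https, http' } },
};

for (const [name, req] of Object.entries(samples)) {
  const d = sessionCookieDecision(req, opts);
  console.log(`${name}: Set-Cookie ${d.sent ? 'sent' : 'omitted'} (${d.reason})`);
}
```

Logging `req.headers['x-forwarded-proto']` and `req.secure` in the Express app shows which of these cases the real request falls into.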
