Monday 23 September 2019

How to set cors http only cookie not in firefox and chrome both?

Currently I am running the front-end app on my local machine and the Express app is behind nginx on a remote dev server. In the Express app, CORS (whitelisting) is enabled (different config for dev and prod) with credentials set to true. The front end is in Angular (8). Some posts on the internet say that browsers don't allow setting localhost as the domain of an http-only cookie set via remote. Although Firefox does show the response cookie, it does not set it in the browser. I also tried google-chrome with web-security disabled, but it didn't work.

```javascript
const cookie = process.env.NODE_ENV === 'production'
  ? {
      httpOnly: true,
      maxAge: 3600000,
      overwrite: true,
      domain: req.get('origin')
    }
  : {
      httpOnly: true,
      maxAge: 3600000,
      overwrite: true,
      domain: ".localhost"
      // also tried domain:localhost
      // and left out domain key
      // as per other stackoverflow posts
    };
res.cookie('cookieName', await generateToken(data), cookie);
```

Is it related to nginx or something else, and if not on a front end running on the local machine, will it work properly if I use req.get('origin'), i.e. in production mode, where the request will come from the original some-website.com?

Submitted September 23, 2019 at 02:07PM by u_d_b
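
The Domain rule at issue in the question above, as an added example that is not part of the original post: a browser keeps a cookie only when the host that sent the response domain-matches the cookie's Domain attribute (RFC 6265, section 5.1.3), so the page's own host or a full origin string never qualifies. The function names and the host `dev-api.example.com` are hypothetical, the public-suffix check browsers also apply is left out, and `sameSite: 'none'` assumes an Express version whose `res.cookie` accepts it (4.17 or later).

```javascript
// Added illustration; names and hosts below are constructed, not from the post.

// RFC 6265 section 5.1.3 domain-match: the host that sent the response must
// equal the cookie domain or be a subdomain of it. IP addresses match exactly only.
function domainMatches(serverHost, cookieDomain) {
  const host = serverHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Would a browser store a cookie carrying this Domain attribute when the
// Set-Cookie header arrives from `serverHost`? (Public-suffix check omitted.)
function browserStoresCookie(serverHost, domainAttr) {
  if (domainAttr === undefined) return true; // host-only cookie, bound to serverHost
  return domainMatches(serverHost, domainAttr);
}

// Options for res.cookie() that do not depend on who is calling the API.
// crossSite = true when the front end lives on another site (e.g. localhost in dev).
function cookieOptions(crossSite) {
  const opts = { httpOnly: true, maxAge: 3600000 }; // no domain key: host-only
  if (crossSite) {
    // Current browsers drop cross-site cookies unless both of these are set,
    // and `secure` means the API must be served over HTTPS.
    opts.sameSite = 'none';
    opts.secure = true;
  }
  return opts;
}

// Constructed cases: API served from dev-api.example.com, page on localhost.
const cases = [
  ['dev-api.example.com', '.localhost'],               // dev branch of the post
  ['dev-api.example.com', 'https://some-website.com'], // req.get('origin') is an origin, not a domain
  ['dev-api.example.com', undefined],                  // domain left out
  ['api.some-website.com', 'some-website.com'],        // shared parent domain
];
for (const [host, domain] of cases) {
  console.log(host, JSON.stringify(domain), '->', browserStoresCookie(host, domain));
}
```

A host-only cookie is stored for the API host, so it will not be listed under the front end's origin; the Angular request must still be sent with `withCredentials: true` for the browser to accept and return it.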
