Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

setting cookies via fetch and the proxy webpack dev server

See original GitHub issue

Been at this problem for a while, appreciate any help. I’m using CRA with the proxy enabled in the webpack dev server to let me communicate to a Python API server running locally. I’m now trying to get cookie based authentication to work via the proxy by running an initial fetch (with credentials: 'include' set) that receives a cookie from the API server in the response.

So I’m getting the response from the server, and I see the Set-Cookie header present and with a cookie in the response, but the cookie is not making its way into other subsequent request. I know setting cookies are a browser’s job, but I think here the browser is not setting it. Also I’m thinking could be something to do with the proxy set up? The proxy is somewhat of a cross-origin situation, so maybe the browser is choosing to silently not set the cookie. Including my request headers below for reference if it helps:

Request Headers seen in Browser dev tools

POST /login HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Content-Length: 253
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 etc...
content-type: multipart/form-data; boundary=----WebKitFormBoundaryKyB0fAkKFhnDbTx9
Accept: */*
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6

Request Headers as received by Python server (via proxy)

Referer: http://localhost:3000/
X-Forwarded-Host: localhost:3000
Origin: http://0.0.0.0:5000
Content-Length: 253
User-Agent: Mozilla/5.0 etc...
Connection: close
X-Forwarded-Proto: http
Host: 0.0.0.0:5000
Accept: */*
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
X-Forwarded-For: 127.0.0.1
X-Forwarded-Port: 3000
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryeRTWYCMPpjO6jfD1
Accept-Encoding: gzip, deflate, br

Response Headers sent back as seen in Browser dev tools

HTTP/1.1 200 OK
X-Powered-By: Express
content-type: application/json
content-length: 42
set-cookie: session=<cookie-data>; HttpOnly; Path=/
server: Werkzeug/0.11.3 Python/2.7.12
date: Wed, 12 Jul 2017 21:39:58 GMT
connection: keep-alive
Vary: Accept-Encoding

Thanks

related issues I found here: #2159 #828

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Reactions:4
  • Comments:7 (1 by maintainers)

github_iconTop GitHub Comments

13reactions
HUSSTECHcommented, Sep 7, 2017

Hi @PabloMessina, the credentials directive is not part of the headers object, it is its own option. So try something like this:

response = fetch(uri, {
    method: 'POST',
    body: body,
    headers: {stuff..},
    credentials: 'include'
})
2reactions
sripadkollurcommented, Apr 21, 2018

The solution provided by HUSSTECH did not work for me. The browsers don’t allow reading forbidden headers like ‘set-cookie’ from response and browser also does not allow setting ‘Cookie’ header. So I resolved this issue by reading cookie in onProxyRes and saving it in a variable and setting the saved cookie on following request in onProxyReq method.

let cookie;
devConfig.devServer = {  
  proxy: {
    '*': {
      target: https://target.com,
      secure: false, 
      changeOrigin: true, 
      onProxyReq: (proxyReq) => {
        proxyReq.setHeader('Cookie', cookie);
      },
      onProxyRes: (proxyRes) => {
        Object.keys(proxyRes.headers).forEach((key) => {
          if (key === 'set-cookie' && proxyRes.headers[key]) {
            const cookieTokens = split(proxyRes.headers[key], ',');
            cookie = cookieTokens.filter(element => element.includes('JSESSIONID')).join('');
          }
        });
      },
    },
  },
}
Read more comments on GitHub >

github_iconTop Results From Across the Web

Webpack-dev-server, React, Fetch, and Cookies
It just takes a little setup. In your webpack.config.js file you can setup a proxy with something like this: module.exports = merge(common ...
Read more >
webpack-dev-server set cookie via proxy - Stack Overflow
We it is called, it sets a session cookie which expected to passed with subsequent requests. We have used the following config but...
Read more >
Webpack-dev-server, React, Fetch, and Cookies - Morioh
Today's fun. I'm using webpack-dev-server to serve up my React application as I develop it. I'm implementing JavaScript Web Tokens, with Refresh Tokens...
Read more >
http-proxy-middleware - npm
Configure proxy middleware with ease for connect, express, browser-sync and many more. ... npm install --save-dev http-proxy-middleware ...
Read more >
[Solved]-webpack-dev-server set cookie via proxy-Reactjs
[Solved]-webpack-dev-server set cookie via proxy-Reactjs ... cookies ?? devServer: { https: true, < ------------ on cookies host: "127.0.0.1", port: 9090, proxy: ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

npm start gives "Module build failed: Error: Failed to load plugin import: Cannot find module 'eslint-plugin-import'"

Next page

Option to overwrite conflicting files while creating new app