setting cookies via fetch and the proxy webpack dev server
See original GitHub issueBeen at this problem for a while, appreciate any help. I’m using CRA with the proxy enabled in the webpack dev server to let me communicate to a Python API server running locally. I’m now trying to get cookie based authentication to work via the proxy by running an initial fetch (with credentials: 'include'
set) that receives a cookie from the API server in the response.
So I’m getting the response from the server, and I see the Set-Cookie
header present and with a cookie in the response, but the cookie is not making its way into other subsequent request. I know setting cookies are a browser’s job, but I think here the browser is not setting it. Also I’m thinking could be something to do with the proxy set up? The proxy is somewhat of a cross-origin situation, so maybe the browser is choosing to silently not set the cookie. Including my request headers below for reference if it helps:
Request Headers seen in Browser dev tools
POST /login HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Content-Length: 253
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 etc...
content-type: multipart/form-data; boundary=----WebKitFormBoundaryKyB0fAkKFhnDbTx9
Accept: */*
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Request Headers as received by Python server (via proxy)
Referer: http://localhost:3000/
X-Forwarded-Host: localhost:3000
Origin: http://0.0.0.0:5000
Content-Length: 253
User-Agent: Mozilla/5.0 etc...
Connection: close
X-Forwarded-Proto: http
Host: 0.0.0.0:5000
Accept: */*
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
X-Forwarded-For: 127.0.0.1
X-Forwarded-Port: 3000
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryeRTWYCMPpjO6jfD1
Accept-Encoding: gzip, deflate, br
Response Headers sent back as seen in Browser dev tools
HTTP/1.1 200 OK
X-Powered-By: Express
content-type: application/json
content-length: 42
set-cookie: session=<cookie-data>; HttpOnly; Path=/
server: Werkzeug/0.11.3 Python/2.7.12
date: Wed, 12 Jul 2017 21:39:58 GMT
connection: keep-alive
Vary: Accept-Encoding
Thanks
Issue Analytics
- State:
- Created 6 years ago
- Reactions:4
- Comments:7 (1 by maintainers)
Top GitHub Comments
Hi @PabloMessina, the credentials directive is not part of the headers object, it is its own option. So try something like this:
The solution provided by HUSSTECH did not work for me. The browsers don’t allow reading forbidden headers like ‘set-cookie’ from response and browser also does not allow setting ‘Cookie’ header. So I resolved this issue by reading cookie in onProxyRes and saving it in a variable and setting the saved cookie on following request in onProxyReq method.