Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Api have empty cookies for SSR request

See original GitHub issue

Bug report

Describe the bug

As sad in docs:

API routes provide built in middlewares which parse the incoming request. Those middlewares are: req.cookies - An object containing the cookies sent by the request.

But any API SSR request contain no cookies ({} object).

Also you can’t set cookies for SSR request from api.

Client-side requests at the same time have cookies and and be set from api.

To Reproduce

Run simple server

// pages/user
const User = () => {
  return <div>test</div>
}

User.getInitialProps = async () => {
  const init = await fetch('http://localhost/api/user')
  return { init }
}

//pages/api/user
export default (req, res) => {
   console.log(req.cookies) // will return {} on SSR

   // will not set cookies on SSR
   res.writeHead(200, {
        'Set-Cookie': 'mycookie=test',
        'Content-Type': 'text/plain'
      })
      .end(JSON.stringify('smth'))
}

Expected behavior

req.cookies should contain cookies when page was SSR.
You should be able to set cookies when page was SSR.

System information

OS: [Windows]
Browser [chrome 79.0.3945.88]
Version of Next.js: [9.1.6]

Issue Analytics

State:
Created 4 years ago
Comments:7 (3 by maintainers)

Top GitHub Comments

3reactions

rafaelalmeidatkcommented, Dec 30, 2019

fetch does send cookies by default if the origin of the requests is the same since the default option for credentials is same-origin. It doesn’t work like that when running on the server because the server itself doesn’t store the cookies of previous requests, you need to do as Tim showed and reinclude the cookies from the request headers (because the browser stores the cookies, and will attach them automatically in the headers for each request to the server).

2reactions

ZiiMakccommented, Jan 15, 2020

@ivanhueso i use custom fetch like this:

const fetchHeaders = {
  Accept: 'application/json',
  'Content-Type': 'application/json',
  cookie: ''
}

const fetchAPI = (
  link,
  body,
  req,
  res
) => {
  return new Promise((resolve) => {
    if (req && req.headers.cookie) fetchHeaders.cookie = req.headers.cookie

    fetch(link, {
      method: 'POST',
      headers: fetchHeaders,
      credentials: 'same-origin',
      body: JSON.stringify(body)
    })
      .then(raw)=> raw.json())
      .then(parsed => {
          if (req && res) {
            // SSR
            res.setHeader('Set-Cookie', 'cookie1=; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;')
          } else {
            // client
            document.cookie = 'cookie1=; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;'
          }
        }

        resolve(parsed)
      })
      .catch((err) => {
        !isProd && console.log(err)
      })
  })
}

export { fetchAPI }