Set Cookie Cross Site
fiwz opened this issue · 1 comments
Hello
Thank you in advance for creating this package
I have an issue in my login feature: the session is not set in the frontend area.
The backend is hosted at (example) mybackend.com and the frontend is hosted at myfrontend.com.
Here I attach my express code:
```js
app.set('trust proxy', 1);
const sessionMiddleware = session({
  store: new RedisStore({
    client: redisClient
  }),
  secret: 'keyboard cat',
  saveUninitialized: true,
  resave: true,
  proxy: true,
  cookie: {
    secure: true,
    sameSite: 'none',
    httpOnly: false,
  }
});
app.use(function (req, res, next) {
  res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
  res.header("Access-Control-Allow-Headers", "Accept, Origin, Content-Type, Authorization, X-Requested-With, Cookie, Set-Cookie");
  res.header('Access-Control-Allow-Credentials', 'true');
  res.header('set-cookie', 'mycookie=example; SameSite=None; Secure');
  next();
});
app.use(sessionMiddleware);
```
I use Apache servers and added this line, but it does not seem to have any effect:
```
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
```
Referenced issue: #769
Only `mycookie` is set.
Result:
Is there any way to solve the cross site issue?
Thank you
When we debugged the package, we found that even though we set, and tried to set, cookie.secure to true, it is still received as cookie.secure = false, even though Express and both websites are running over HTTPS.
I will close this case now
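An added example, not part of the issue or of the express-session project: a small audit of one response against the conditions browsers enforce on credentialed cross-site requests, run over headers constructed from the middleware posted above. The function names are hypothetical, the `https://` origin for the issue's example hostname is an assumption, and `connect.sid` is express-session's default cookie name.

```javascript
// Added example: audit a response for credentialed cross-site cookie use.
// Function names are hypothetical; all sample headers are constructed.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), flags: {} };
  for (const a of attrs) {
    const [k, v = true] = a.split('=');
    cookie.flags[k.toLowerCase()] = v === true ? true : v.toLowerCase();
  }
  return cookie;
}

function auditCrossSiteResponse({ pageOrigin, credentialsMode, headers, expectCookie }) {
  const findings = [];
  const acao = headers['access-control-allow-origin'];
  // Without credentials: "include" the browser ignores Set-Cookie on a cross-origin fetch.
  if (credentialsMode !== 'include') findings.push('request: fetch must use credentials: "include"');
  // A credentialed response fails the CORS check if the origin is missing or "*".
  if (acao !== pageOrigin) findings.push(`cors: Access-Control-Allow-Origin must be exactly ${pageOrigin}, got ${acao}`);
  if (headers['access-control-allow-credentials'] !== 'true') findings.push('cors: Access-Control-Allow-Credentials must be "true"');
  const cookies = (headers['set-cookie'] || []).map(parseSetCookie);
  for (const c of cookies) {
    if (c.flags.samesite !== 'none') findings.push(`${c.name}: SameSite is not None, so it is not sent on cross-site fetch/XHR`);
    else if (!c.flags.secure) findings.push(`${c.name}: SameSite=None without Secure is rejected`);
    // Hardening check for the session cookie only: script access exposes it to XSS.
    if (c.name === expectCookie && !c.flags.httponly) findings.push(`${c.name}: no HttpOnly, readable by page script`);
  }
  if (expectCookie && !cookies.some((c) => c.name === expectCookie)) findings.push(`${expectCookie}: not present in Set-Cookie`);
  return findings;
}

const PAGE_ORIGIN = 'https://myfrontend.com'; // assumed scheme for the issue's example host

// Constructed: what the posted middleware sends when only "mycookie" arrives.
const asReported = {
  'access-control-allow-credentials': 'true',
  'set-cookie': ['mycookie=example; SameSite=None; Secure'],
};

// Constructed: a response that satisfies every check.
const corrected = {
  'access-control-allow-origin': PAGE_ORIGIN,
  'access-control-allow-credentials': 'true',
  'set-cookie': ['connect.sid=s%3Aconstructed; Path=/; HttpOnly; Secure; SameSite=None'],
};

const base = { pageOrigin: PAGE_ORIGIN, credentialsMode: 'include', expectCookie: 'connect.sid' };
console.log(auditCrossSiteResponse({ ...base, headers: asReported }));
console.log(auditCrossSiteResponse({ ...base, headers: corrected }));
```

The same function can be pointed at headers copied from the browser's network panel for the login response, with keys lowercased and `set-cookie` given as an array.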