vendure-ecommerce/real-world-vendure

cookies not being set

tlodge opened this issue · 1 comments

I have been running the vendure 1.4.3 version against vue storefront and it's great - it works really well. However when I try and run it against this repo, it seems like the cookies (in particular vendure-auth-token) are not being set. When I look at the request/response headers when 'addToCart' is called I see:

POST /api/vendure/addToCart HTTP/1.1
Host: localhost:3001
Connection: keep-alive
Content-Length: 45
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
Accept: application/json, text/plain, */*
DNT: 1
Content-Type: application/json;charset=UTF-8
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
sec-ch-ua-platform: "macOS"
Origin: http://localhost:3001
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:3001/p/57/soap
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: i18n_redirected=en; vsf-currency=USD; vsf-country=US

and response:

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
Content-Length: 1188
ETag: W/"4a4-4ZSIMf4QP5MZDk0toXdS3kS5cCM"
Date: Thu, 20 Jan 2022 19:07:11 GMT
Connection: keep-alive
Keep-Alive: timeout=5

whereas if I do the same with the working (vendure 1.4.3) version I get the following response:

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
Set-Cookie: vendure-auth-token=82503495c4beea09aa9f8d654f1a7b4a2d9c1d29bf945b1a71850d0fbd8caa4f; Path=/; Expires=Thu, 03 Feb 2022 19:13:34 GMT; HttpOnly; Secure; SameSite=Strict
Content-Type: application/json; charset=utf-8
Content-Length: 1188
ETag: W/"4a4-FYdYzBLKghQ99XQEA1RofzwAP60"
Date: Thu, 20 Jan 2022 19:15:55 GMT
Connection: keep-alive
Keep-Alive: timeout=5

i.e. I can see that the vendure-auth-token is being set.

I use the same config for both versions, in particular, for the 1.4.3 devserver package I have:

...
authOptions: {
    disableAuth: false,
    tokenMethod: ['bearer', 'cookie'] as const,
    requireVerification: true,
    customPermissions: [],
    cookieOptions: {
        secret: 'abc',
    },
},

and I have the same for real-world-vendure. I have also tried:

...
authOptions: {
    disableAuth: false,
    tokenMethod: 'cookie',
    requireVerification: true,
    customPermissions: [],
    cookieOptions: {
        secret: 'abc',
    },
},

but no luck here either. It means that when I then go to checkout, when getCart is called, vendure gives:

{"data":{"activeOrder":null},"loading":false,"networkStatus":7,"stale":false}

rather than the details of the cart.

I'm not sure if I'm missing another configuration option or there is something else going on.

Updated version of @vendure/core and the problem's gone.
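
The header comparison made by hand in the issue can be automated. The following is an added example, not code from the issue or from Vendure: it parses a captured response, reports whether `vendure-auth-token` was issued, and lists any of the `HttpOnly`, `Secure` and `SameSite` attributes it lacks. The function names and the sample responses (abridged from the two quoted above, with the token replaced by a placeholder) are assumptions of the example.

```javascript
// Constructed samples, abridged from the two responses quoted in the issue.
const BROKEN_RESPONSE = [
  'HTTP/1.1 200 OK',
  'X-Powered-By: Express',
  'Access-Control-Allow-Origin: *',
  'Content-Type: application/json; charset=utf-8',
].join('\r\n');

const WORKING_RESPONSE = [
  'HTTP/1.1 200 OK',
  'X-Powered-By: Express',
  'Set-Cookie: vendure-auth-token=<token-placeholder>; Path=/; ' +
    'Expires=Thu, 03 Feb 2022 19:13:34 GMT; HttpOnly; Secure; SameSite=Strict',
  'Content-Type: application/json; charset=utf-8',
].join('\r\n');

// Return every Set-Cookie header as { name, value, attrs }; attribute keys are lower-cased.
function parseSetCookies(rawResponse) {
  return rawResponse
    .split(/\r?\n/)
    .slice(1) // skip the status line
    .filter((line) => /^set-cookie\s*:/i.test(line))
    .map((line) => {
      const [pair, ...rest] = line.slice(line.indexOf(':') + 1).split(';');
      const eq = pair.indexOf('=');
      const attrs = {};
      for (const part of rest) {
        const [key, ...val] = part.trim().split('=');
        if (key) attrs[key.toLowerCase()] = val.length ? val.join('=') : true;
      }
      return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(), attrs };
    });
}

// Report whether the session cookie was issued and which hardening attributes it lacks.
function auditSessionCookie(rawResponse, cookieName = 'vendure-auth-token') {
  const cookie = parseSetCookies(rawResponse).find((c) => c.name === cookieName);
  if (!cookie) return { issued: false, missing: [] };
  const missing = [];
  if (!cookie.attrs.httponly) missing.push('HttpOnly');
  if (!cookie.attrs.secure) missing.push('Secure');
  if (!/^(strict|lax)$/i.test(String(cookie.attrs.samesite || ''))) missing.push('SameSite');
  return { issued: true, missing };
}

console.log('broken: ', auditSessionCookie(BROKEN_RESPONSE));
console.log('working:', auditSessionCookie(WORKING_RESPONSE));
```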