Golang Gin Set Cookie not setting in Browsers
Karthik
kumarkarthik9656 at gmail.com
Thu Jun 8 12:10:25 UTC 2023
So I have a backend Golang Gin API hosted at domainA.com, and I
also have a frontend Next.js web app hosted at domainB.com. I
have a login page where users will log in; the fetch call goes to
domainA, and if they log in correctly a Set-Cookie JWT is sent
back to the client so the cookie can be stored in the browser. I
have set credentials to be true on both back and front end. The
front end fetch looks like this

    const resp = await fetch(
        domainB + loginendPoint,
        {
            method: 'POST',
            body: requestBody,
            credentials: "include",
        }
    );

The backend cors set up looks like this

    r := gin.Default()
    config := cors.DefaultConfig()
    config.AllowAllOrigins = false
    config.AllowOrigins = append(config.AllowOrigins, "http://localhost:3000")
    config.AllowOrigins = append(config.AllowOrigins, "https://domainB.com")
    config.AllowCredentials = true
    r.Use(cors.New(config))

and the handler in the backend sets the cookie with

    c.SetSameSite(http.SameSiteNoneMode)
    c.SetCookie("nameofCookie", jwtSignedToken,
        int(time.Now().Add(time.Hour*24).Unix()), "", "", true, false)

where secure is true and httpOnly is false. I have this working
no problem locally, but in production with different domains, my
browser is getting the Set-Cookie header correctly. It doesn't
say it is blocked at all, but the browser isn't setting the
cookie. Any help would be great. Thank you for your time.
I have tried all types of configurations with CORS and front end.
Spent the better part of 10 hours trying to fix this but no luck.
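
The Set-Cookie attributes described in the post can be checked mechanically. The Go program below is an added example, not code from the original post or from Gin: it uses only net/http, and buildHeader, auditCrossSiteCookie, the 400-day threshold and the sample cookie value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Heuristic chosen for this example (an assumption): 400 days, in seconds.
const maxPlausibleAge = 400 * 24 * 60 * 60

// buildHeader serializes a SameSite=None, Secure cookie; the value is constructed sample data.
func buildHeader(maxAge int) string {
	c := http.Cookie{Name: "nameofCookie", Value: "constructed.jwt.value", Path: "/",
		MaxAge: maxAge, Secure: true, SameSite: http.SameSiteNoneMode}
	return c.String()
}

// auditCrossSiteCookie parses one Set-Cookie value returned by apiHost and lists
// attribute problems that matter when the page lives on a different site.
func auditCrossSiteCookie(setCookie, apiHost string) []string {
	resp := http.Response{Header: http.Header{"Set-Cookie": {setCookie}}}
	cookies := resp.Cookies()
	if len(cookies) != 1 {
		return []string{"header does not parse as one cookie"}
	}
	c, issues := cookies[0], []string{}
	if c.SameSite != http.SameSiteNoneMode {
		issues = append(issues, "SameSite is not None: not sent on cross-site requests")
	} else if !c.Secure {
		issues = append(issues, "SameSite=None without Secure: refused where that pairing is enforced")
	}
	d, host := strings.ToLower(strings.TrimPrefix(c.Domain, ".")), strings.ToLower(apiHost)
	if d != "" && host != d && !strings.HasSuffix(host, "."+d) {
		issues = append(issues, "Domain does not match the responding host: cookie is ignored")
	}
	if c.MaxAge > maxPlausibleAge {
		issues = append(issues, "Max-Age is implausibly large: lifetime in seconds expected, not a Unix time")
	}
	return issues
}

func main() {
	// Constructed inputs: an epoch timestamp used as Max-Age, then a 24-hour lifetime.
	for _, maxAge := range []int{1686312625, 24 * 60 * 60} {
		h := buildHeader(maxAge)
		fmt.Printf("%s\n  issues: %q\n", h, auditCrossSiteCookie(h, "domainA.com"))
	}
}
```

A header that passes these checks can still go unstored when the browser blocks third-party cookies. A cookie that is stored belongs to the API host, so it is listed under that host rather than under the page's own origin.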
More information about the Digitalmars-d
mailing list