
I have a Phoenix server running on Heroku, and a web application that runs on localhost/127.0.0.1.

What I am trying to do is log in with GitHub OAuth, set a JWT token, and redirect back to localhost/127.0.0.1 with a cookie containing the token.

These are the response headers after redirection:

[Screenshot: response headers after the redirect]

As you can see, the cookie is sent correctly; however, it is not set by the browser.

This is the code responsible for setting the cookie and redirecting:

```elixir
"web" ->
  conn
  |> put_status(302)
  |> put_resp_cookie("bearer", jwt, [http_only: false, path: "/"])
  |> redirect(external: "localhost:8100")
```

I've been trying solutions proposed here: Cookies on localhost with explicit domain but none of them seems to work.

When I run the server locally, everything works fine; however, when I change `|> redirect external: "localhost:8100"` to `|> redirect external: "127.0.0.1:8100"` the same issue occurs.

Thanks in advance for any help!

jmac
  • You cannot set cookies on another domain like this. You can send the data back as a URL argument if you want though. Will that be good enough? `|> redirect(external: "http://...:8100?jwt=#{jwt}")`. – Dogbert Apr 21 '17 at 08:55
  • What about security? Is it safe to include the JWT token in the URL? – jmac Apr 21 '17 at 08:58
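
The scoping rule behind the first comment, as an added example that is not part of the original thread: a minimal JavaScript model of how a browser stores and matches cookies under RFC 6265. The host `phoenix-api.example`, port 4000 and the function names are constructed for illustration, and public-suffix and `Secure`/`SameSite` handling are left out.

```javascript
// Added example: minimal model of RFC 6265 cookie scoping, not a full cookie jar.
// phoenix-api.example and port 4000 are constructed placeholders (assumptions).
const hostOf = (url) => new URL(url).hostname.toLowerCase(); // port is dropped

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Store a cookie carried by a response from `responseUrl`; null means the browser ignores it.
function storeCookie(jar, responseUrl, name, value, attrs = {}) {
  const host = hostOf(responseUrl);
  let record = { name, value, domain: host, hostOnly: true };
  if (attrs.domain) {
    const domain = attrs.domain.toLowerCase().replace(/^\./, "");
    // A server may only name a domain that its own host matches.
    if (!domainMatch(host, domain)) return null;
    record = { name, value, domain, hostOnly: false };
  }
  jar.push(record);
  return record;
}

// Names of the cookies attached to a request for `requestUrl`.
function cookiesFor(jar, requestUrl) {
  const host = hostOf(requestUrl);
  return jar
    .filter((c) => (c.hostOnly ? c.domain === host : domainMatch(host, c.domain)))
    .map((c) => c.name);
}

function demo() {
  const remoteUrl = "https://phoenix-api.example/auth/callback"; // remote server
  const localUrl = "http://localhost:4000/auth/callback"; // same server run locally
  const remoteJar = [];
  storeCookie(remoteJar, remoteUrl, "bearer", "jwt");
  const localJar = [];
  storeCookie(localJar, localUrl, "bearer", "jwt");
  return {
    remoteThenLocalhost: cookiesFor(remoteJar, "http://localhost:8100/"),
    remoteWithDomainLocalhost: storeCookie([], remoteUrl, "bearer", "jwt", { domain: "localhost" }),
    localThenLocalhost: cookiesFor(localJar, "http://localhost:8100/"),
    localThenLoopbackIp: cookiesFor(localJar, "http://127.0.0.1:8100/"),
  };
}

console.log(demo());
```

Only `localThenLocalhost` contains the cookie: it is scoped to the host that served the response, the port plays no part, and `localhost` and `127.0.0.1` count as different hosts.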
