6

For an Angular 5 app, I have an auth service that does an HTTP POST which returns the session cookie (CORS), as shown in the code below:

signIn(signInRequest: SignInRequest): Observable<SignInResponse> {
  let headers: Headers = new Headers();
  headers.append('Content-Type', 'application/json');
  return this.http
    .post("/login", { email: signInRequest._email, password: signInRequest._password }, { headers: headers, withCredentials: true })
    .map(this.extractData)
    .catch(this.handleErrorObservable);
}

The response of the header contains the set-cookie as shown below:

[Screenshot of the response headers]

and the request header is the following:

[Screenshot of the request headers]

I know that the browser should be setting the cookie response. Why is it not doing it?

sideshowbarker
Hamza Adli
  • I have a similar question I am struggling with and about to post a bounty on. https://stackoverflow.com/questions/49352181/cookie-created-in-webapi-response-is-never-sent-in-subsequent-client-requests-s – ttugates Mar 20 '18 at 19:05
  • maybe related to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers ? – Jota.Toledo Mar 20 '18 at 20:05
  • @Jota.Toledo the cookie is being returned in the response header so not sure what to expose here ? – Hamza Adli Mar 20 '18 at 20:17
  • @ttugates same as you, I have been struggling with this the past two days. – Hamza Adli Mar 20 '18 at 20:18
  • It's my first time to ever work with cookies, so before your post, I assumed I was missing something obvious.. Just added 50pt Bounty to my SO. – ttugates Mar 20 '18 at 20:19
  • @HamzaAdli the fact that you can see them in dev tools doesn't mean that scripts can access them AFAIK – Jota.Toledo Mar 20 '18 at 20:37

1 Answer

1

Your frontend is hosted on localhost:4200 and your backend is hosted on api.safra.me. By default, your browser won't send the cookies along with the request unless you use withCredentials in the login request, as you already did, and in all of the subsequent requests.

Guerric P
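The conditions a credentialed cross-origin request has to meet, written as a small checker. This is an added example, not code from the question or the answer, and it goes beyond the answer by also checking the response headers and the cookie attributes. The function name, its fields, the `https` scheme for the API and all header values are assumptions made for illustration.

```javascript
// Added example (not from the original post). Function and field names are
// hypothetical; the origins come from the answer, the header values are constructed.
function diagnoseCredentialedCors({ pageOrigin, requestUrl, withCredentials, responseHeaders }) {
  const problems = [];
  // Relative URLs such as "/login" resolve against the page, i.e. same-origin.
  if (new URL(requestUrl, pageOrigin).origin === pageOrigin) return problems;

  if (!withCredentials) {
    // Without credentials mode the browser attaches no cookies and ignores Set-Cookie.
    return ['withCredentials is not set on this cross-origin request'];
  }
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = String(v).trim();

  const acao = h['access-control-allow-origin'];
  if (acao === undefined) problems.push('Access-Control-Allow-Origin is missing');
  else if (acao === '*') problems.push('Access-Control-Allow-Origin is a wildcard, which is rejected for credentialed requests');
  else if (acao !== pageOrigin) problems.push(`Access-Control-Allow-Origin is ${acao}, expected ${pageOrigin}`);

  // The value must be the exact, case-sensitive string "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials is not "true"');
  }
  // Assumption: the two origins are also different sites (as in the question), so a
  // browser that defaults cookies to SameSite=Lax needs SameSite=None; Secure here.
  if (h['set-cookie'] !== undefined) {
    const attrs = h['set-cookie'].split(';').slice(1).map((a) => a.trim().toLowerCase());
    if (!attrs.includes('samesite=none') || !attrs.includes('secure')) {
      problems.push('Set-Cookie lacks SameSite=None; Secure, required for cross-site use where SameSite=Lax is the default');
    }
  }
  return problems;
}

// Constructed sample: the Angular dev server calling the API behind a wildcard CORS policy.
const sample = diagnoseCredentialedCors({
  pageOrigin: 'http://localhost:4200',
  requestUrl: 'https://api.safra.me/login',
  withCredentials: true,
  responseHeaders: {
    'Access-Control-Allow-Origin': '*',
    'Set-Cookie': 'session=constructed-value; Path=/; HttpOnly',
  },
});
console.log(sample.join('\n'));
```

An empty result means none of these conditions is violated; browser-level third-party cookie blocking is outside what the checker covers.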