I am calling an API after login. In the login response the Set-Cookie header is passed and the cookie is set in the browser, but when I try to make another request, no cookie is passed in the request header. I have tried adding withCredentials = true and also allowing CORS with all required headers. The cookie set in the browser from the login response:

.AspNetCore.Identity.Application    
expires 2018-07-27T14:26:34.000Z
httpOnly    true
path    /
secure  true
value   CfDJ8IpQ2KMnnJJCu-Bxqp-xHNOQGuT6Ig74z_z6fhAba0WGCMyq7er9Zo87dX36mvr3vHm827XQFM_8cNQiv811mitpYZ4rRVRp4iV3RfpDkqGL-4UizEGUkJfSxxkFzIbVEEJNwIJXf5iFFlbC7Fw8zKDn7DYJN70iniH4HE-bzqJ4KXSsKnCyqePsYyi6iJ0_Rkk_TiE-TXggnFqrU_8n5XPcYaRVeinAeHRZ2xmJbcVrOwFAV1-D8zwgpnJxs2WaLsM9h5IoqdV1wOwyT-Awoy0QqAtTiUPs5h5Gh52HubsBcWLPKE_FbzfmK_1HsDGH1e1PIHYJaIgLx-q0trTSGK-22wvOnqMipax94zoO6mfF2Pbrz7NM-eJBBCTkSoNYXVIj8EpRPJXhk8uLKC9rqon2hA4qHpnrUWWdz1LT7FYzHjnhAx3hctXr2laQgc3ipT410zI15tl5XIIjEbqr9D5E6o-4MkcSCLsHCLkaurSmoQWF2VRQ8OuVHFz6Z7XTu7myAsCFWf3INcV-WBtJY6l9Luk2D7uenofPGFZ8D4fDL0oaPqvAKve6N8r2Q_eDXEVf-

see my code

Request header from browser console
Accept  application/json, text/plain, */*
Accept-Encoding gzip, deflate, br
Accept-Language en-US,en;q=0.5
Access-Control-Allow-Credentials    true
Connection  keep-alive
Content-Length  27
Content-Type    application/x-www-form-urlencoded
Host    localhost:44354
Origin  http://localhost:4200
Referer http://localhost:4200/changepassword
User-Agent  Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/61.0
withCredentials true

My code:

changePassword(changePasswordModel: ChangePassword): Observable<ApiResponse> {
    const body = JSON.stringify(changePasswordModel)

     let enco : any = new HttpHeaders()
        .set('Content-Type', 'application/x-www-form-urlencoded')
        .set('withCredentials', 'true')
        .set('Access-Control-Allow-Credentials', 'true');

    return this._httpClient.post(this.identityAPIEndPoint + 'Account/ChangePassword', body, { headers: enco, withCredentials: true}).pipe(
      map((response: Response) => <ApiResponse>response.json()));
  }

I am using Angular 5 with HttpClient for the POST request. Am I missing something? Please give me a hint.

Thank you,

Vinit Patel

1 Answer

I think that your problem here is the scope of your cookie. For more see the Scope of cookies section here.

So you should set the same path for all your pages so the cookie will be available from all pages. For example, you can set the path to be / or the base path of your application.

Access-Control-Allow-Credentials is a response header so it should be provided in the response and not in the request: see here.

And the withCredentials option isn't an HTTP header at all; it's an option that should be passed in the options object: see this link.

Also, read this article for more about CORS.

hakobpogh
  • Hello, thanks for the reply, but my cookie path is already the same as you said, like "/". See, I have added my cookie which is set in the browser – Vinit Patel Jul 13 '18 at 14:25
  • Can you also provide the URLs of the calls you're making for login and for the second call also? – hakobpogh Jul 13 '18 at 14:31
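
The header points from the answer can be checked mechanically. The following is an added example, not code from the question or the answer: a small audit of one cross-origin exchange for credentialed-CORS mistakes. The request headers are a subset of those shown in the question; the response headers and the function name `auditCredentialedCors` are assumptions made for illustration.

```javascript
// Added example, not code from the question or the answer.
// Request headers as shown in the question's browser console (subset).
const QUESTION_REQUEST = {
  'Accept': 'application/json, text/plain, */*',
  'Content-Type': 'application/x-www-form-urlencoded',
  'Origin': 'http://localhost:4200',
  'Access-Control-Allow-Credentials': 'true',
  'withCredentials': 'true',
};
// Constructed response headers (assumption: the page does not show the server's response).
const CONSTRUCTED_RESPONSE = { 'Access-Control-Allow-Origin': '*' };
const RESPONSE_ONLY = ['access-control-allow-credentials', 'access-control-allow-origin'];
// Headers the browser sets itself or that CORS safelists (subset; Content-Type
// is safelisted only for form and text/plain values such as the one above).
const NO_PREFLIGHT = new Set(['accept', 'accept-language', 'content-language',
  'content-type', 'origin', 'referer', 'host', 'user-agent', 'cookie']);

const lower = (h) => Object.fromEntries(
  Object.entries(h).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));

function auditCredentialedCors(requestHeaders, responseHeaders) {
  const req = lower(requestHeaders);
  const res = lower(responseHeaders);
  const findings = [];
  for (const name of RESPONSE_ONLY) {
    if (name in req) findings.push(`request sends response-only header "${name}"`);
  }
  if ('withcredentials' in req) {
    findings.push('"withCredentials" sent as a header; it is a request option');
  }
  // Author-set headers outside the safelist trigger a preflight that must allow them.
  // A "*" in Access-Control-Allow-Headers is literal when credentials are sent.
  const allowed = (res['access-control-allow-headers'] || '')
    .toLowerCase().split(',').map((s) => s.trim());
  for (const name of Object.keys(req)) {
    if (!NO_PREFLIGHT.has(name) && !allowed.includes(name)) {
      findings.push(`preflight must allow header "${name}"`);
    }
  }
  const acao = res['access-control-allow-origin'];
  if (acao === '*') findings.push('wildcard Access-Control-Allow-Origin is rejected with credentials');
  else if (acao !== req.origin) findings.push('Access-Control-Allow-Origin does not match Origin');
  if (res['access-control-allow-credentials'] !== 'true') {
    findings.push('response lacks Access-Control-Allow-Credentials: true');
  }
  return findings;
}

console.log(auditCredentialedCors(QUESTION_REQUEST, CONSTRUCTED_RESPONSE));
```

An empty result means the headers are consistent with a credentialed cross-origin request; it does not cover cookie attributes such as domain, path or secure.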