I'm trying to receive a session cookie with axios from a django rest framework backend. I'm using django sessions described here.
When I make a post from the command line with httpie, I see several headers, including Set-Cookie with the session token:
http post http://example.com:8000/api/ key1=val1 key2=val2
HTTP/1.1 201 Created
Allow: POST, OPTIONS
Content-Length: 83
Content-Type: application/json
Date: Thu, 17 Jan 2019 08:47:16 GMT
Server: WSGIServer/0.2 CPython/3.6.7
Set-Cookie: session=e30:1gk3KW:PVn6Pgj-gZQhQue6plWCAONePR4;
Domain=*; expires=Thu, 31 Jan 2019 08:47:16 GMT; HttpOnly; Max-
Age=1209600; Path=/; SameSite=Lax
Vary: Accept, Cookie, Origin
X-Frame-Options: SAMEORIGIN
{
<response params>
}
But when I do it from axios, the only response header is Content-Type: application/json.
I went for the kitchen sink approach with the CORS settings:
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
SESSION_COOKIE_DOMAIN = '*'
CSRF_COOKIE_DOMAIN = '*'
CORS_ALLOW_HEADERS = default_headers + (
'Set-Cookie',
)
CORS_EXPOSE_HEADERS = (
'Set-Cookie',
)
but to no avail.
The view doesn't do much:
def post(self, request):
request.session.create()
request.session.save()
return super().create(request)
nor does the axios code:
axios.post(
URL,
{
key1: val1,
key2: val2,
}
)
.then(response => {whatever(response)})
I'm trying to figure out how to receive the other headers in axios, or at least the reason they're not being received in the first place. I get the feeling it has something to do with CORS, but I don't have a good way to debug it.
