0

I made a go server that can do the basics. Now I want to do a request to my server from my node.js frontend (Axios) get a cookie back (for my login system) here is the code for putting the cookie in my response: 

var hashKey = []byte("testkey") //for testing purpopes
var blockKey = []byte(securecookie.GenerateRandomKey(32))

var s = securecookie.New(hashKey, blockKey)
  if encoded, err := s.Encode("cookie-name", value); err == nil {
    cookie := &http.Cookie{
      Name:     "cookie-name",
      Value:    encoded,
      Path:     "/",
      Secure:   true,
      HttpOnly: true,
    }

    http.SetCookie(*w, cookie) // w = *http.ResponseWriter

...

when I use my REST tool to see what I get I can see that the 'set-cookie' header is present. The same is If I inspect in Microsoft Edge I can see the set-cookie header. But if I inspect in Google Chrome then I can't see the header. Also if I look in the cookies tab in both Chrome and edge the cookie is not set.

this is my function that is ran for the request:

async post( url, data, ct ) {
    try {
        const res = await axios.post(url, data, {
            headers: {
                'Content-Type': (ct || "text/plain")
            },
            withCredentials: true
        });
        if (res.status === 200) {
    return res.data;
        }
    } catch (e) {
        console.error(e);
        return false;
    }
}

my Response Headers:

server: nginx/1.14.0 (Ubuntu)
date: Thu, 17 Jan 2019 14:29:07 GMT
content-type: text/plain charset=utf-8
content-length: 4
connection: keep-alive
setcookie:cookiename=MTU0NzczNTM0N3xGOTJYUUw5TFNXZHI2dU9jT3hCeTZUTE5TaTBFNU1XN1F 5WGMzb3c1dGZRUENEU2xPZHFwTXJQLW8zND18_VCYxNVRbIAUrs9_8EcGpTUEiqVyYL_2M5Olbjhnkeg =; Path=/
access-control-allow-origin:https://beta.bvwitteveen.nl
access-control-allow-methods:GET, POST, OPTIONS
access-control-allow-credentials:true
access-control-allow-headers:DNT,User-Agent,X-Requested-With,If- 
ModifiedSince,Cache-Control,Content-Type,Range,Set-Cookie
access-control-expose-headers:Content-Length,Content-Range

Why is my cookie behaving so weird? What am I doing wrong here?

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Rick Grendel
  • 303
  • 1
  • 4
  • 14
  • Is this local testing? There are some gotchas with cookies on localhost, see here: https://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain – Adrian Jan 17 '19 at 14:41
  • Yeah, its local but I use the host file in windows and a nginx proxy. that why the access-control-allow-origin is 'https://beta.bvwitteveen.nl' – Rick Grendel Jan 17 '19 at 14:43
  • 1
    Nothing here matches. A Set-Cookie header is wirtten as "Set-Cookie" and not as "setcookie". Your Code uses "cookie-name" while your output shows "cookiename". HttpONly is missing. – Volker Jan 17 '19 at 14:47
  • Yeah its weird because the cookie header generation is handled by `http.Cookie()` – Rick Grendel Jan 17 '19 at 14:51
  • @Volker maybe some kind of formatting is going on? – Rick Grendel Jan 17 '19 at 14:53
  • If this is a "formatting issue" then your code which does the formatting is utterly broken. – Volker Jan 17 '19 at 18:35
  • well, the "formatting" is done by the `http.SetCookie()` function all the code above is the code used for the cookie process – Rick Grendel Jan 18 '19 at 07:37

0 Answers0