0

I'm using cookies for requests authorisation. Requests are sent to https://myDomain When I deploy my project to https://myDomain, everything is ok, I see Cookie in a request headers. The problem is when I test my app locally, and there is no Cookie in the request headers sent from http://localhost:port

How to set up test environment for Cookie is sent from http://localhost:port to https://myDomain?

olegzhermal
  • 799
  • 10
  • 26
  • [Cookies are domain-specific](https://stackoverflow.com/questions/12370495/share-a-cookie-between-two-websites). If you want to share it/them, you could send a request from the browser to _https://myDomain_ including the cookie values in POST or GET parameters, and have a script on myDomain which takes those parameters and returns them in a `Set-Cookie` header, but you'll have to do it yourself – blex Apr 04 '20 at 18:29
  • @blex You mean include cookies as some custom headers in requests? – olegzhermal Apr 04 '20 at 18:39
  • Headers could work too. But in any case, you'll have to do something on the `myDomain` server so that these headers (or parameters, does not matter) are either A) considered as an alternative to cookies - if you don't mind sending them yourself with every single request - , or B) to convert them to cookies by including a `Set-Cookie` in the response headers - only once, then cookies will work normally if you don't need to change them after that. In any case, it's not very practical, since cookies are not meant to be shared across domains – blex Apr 04 '20 at 18:48
  • A third option which would make things easier: [make `local.mydomain.com` point to `127.0.0.1`](https://superuser.com/questions/559623/i-have-a-domain-name-that-i-want-to-redirect-to-my-local-server-how-do-i-do-thi/559628), and set your cookie's domain to `.mydomain.com`. Now you can share cookies if you access `local.mydomain.com` in your browser instead of `localhost`. But [be aware of this](https://stackoverflow.com/questions/2163828/reading-cookies-via-https-that-were-set-using-http) – blex Apr 04 '20 at 18:55
  • @blex Thanks for your comments. The solution with header is already implemented. I just thought that there is a way to set some setting on server in a separate environment – for development only (it surely would be insecure) – that the server would accept cookies from any domain (including localhost). – olegzhermal Apr 04 '20 at 18:56

0 Answers0