- I am having sprin boot application as my back end and vue js in the front end
- Both are running in my localhost but with different ports
- I am using axios to make api calls to my back end server
- My login api works perfetcly and resturns the response with set cookie header
But cookie value not being set in the request header and all other api fails with authentication problem because cookie value (session id) not present in the header
sample response header with set-cookie on authentication
HTTP/1.1 200 OK
X-Powered-By: Express
set-cookie: JSESSIONID=C6A3DE7E13C60F33D777875DB610EED2; Path=/a; HttpOnly
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Tue, 12 May 2020 15:20:17 GMT
connection: close
Below is my proxy configuration in vue.config.js
devServer: {
proxy: {
"/": {
target: "http://localhost:8080/abc",
secure: false,
onProxyReq: function(request) {
request.setHeader("origin", "http://localhost:8080/abc");
}
}
},
disableHostCheck: true
}
This is my axios instance creation with "withCredentials:true"
withCredentials: true,
baseURL: "/",
headers: { "Content-Type": "application/json" }
});
Below is my web secuirty configuration in the server side
httpSecurity
.csrf().disable()
.httpBasic().disable()
.authorizeRequests()
.antMatchers("/auth/login").permitAll()
.antMatchers("/auth/reset-password").authenticated()
.anyRequest().authenticated();
}
Note:This works in the postman because post man automatically adds the cookie in the request header
