NGINX proxy not setting session cookie

Question

I have a Rails app as an API and a Nuxt.js (Vue.js) app as a frontend client.

I'm currently serving them locally. Rails runs on port 3000 and Nuxt.js runs on port 4000

Have the my /etc/hosts setup to the domain name: api.todos.test for Rails and todos.test for Nuxt.js

My NGINX configs are:

upstream rails_api {
  server 127.0.0.1:3000;
}

server {
    listen       80;
    listen       [::]:80;
    server_name  ~^(?<subdomain>.+)\.todos.test;

    location ~ ^/rest/ {
        proxy_pass http://rails_api;
        proxy_set_header Real-IP       $remote_addr;
        proxy_set_header Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header NginX-Proxy   true;
        proxy_set_header Host          $subdomain.todos.test:3000;
        proxy_pass_header Set-Cookie;
        proxy_redirect off;
    }

    location / {
        proxy_pass http://todos.test:4000;
        proxy_set_header Real-IP $remote_addr;
        proxy_set_header Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header NginX-Proxy true;
        proxy_set_header Host        $host;
        proxy_redirect off;
    }
}

I am able to hit both servers, so NGINX is handling the proxying. My Rails API returns a response with Set-Cookie: _session_id=... but for some reason this never gets set in Chrome.

Am I doing something wrong in NGINX?

Answer 1

Seems when using NGINX (or perhaps any reverse proxy), it's necessary to set the domain in the cookie when sending it from the server.

Answer 2

Are you send XHR request to that Rails API?

The browser cannot give access to 3rd party cookies like those received from ajax requests for security reasons.

You can get/set the cookie manually. Please refer this question. How to get a cookie from an AJAX response?