0

I've been wracking my brain trying to figure out why this get request isn't sending an authentication cookie along with it, and can't figure it out.

The request in question is as follows:

this.http.get(`${this.url}/api/public/schedules`, {observe: 'body', responseType: 'json', withCredentials: true});

With the cookie being set beforehand (which I've double checked, it is already set when this request goes out) with:

this.CookieService.set("token", token, undefined, undefined, undefined, false);

Chrome dev tools show that the cookie exists, and secure is set to false, but the cookie is never sent with any requests. I've verified this both client-side (chrome says no cookies are sent with the request) and server-side (logging the cookies associated with the request always comes up blank.)

Here's my relevant server-side code:

app.use((req, res, next) => { //log all requests
    console.log(`Received ${req.method} request for ${req.url}`);
    console.log("Cookies: " + JSON.stringify(req.cookies));
    res.append('Access-Control-Allow-Origin', ['http://localhost:4200']); //adding headers here
    res.append('Access-Control-Allow-Credentials', true);
    res.append('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
    res.append('Access-Control-Allow-Headers', 'Content-Type');
    next(); //then continue
});

When I send the same request with a cookie in insomnia, it gets properly logged, so I'm not sure what's going on. Any help would be appreciated.

schwem00
  • 5
  • 1
  • 4
  • This: "_and secure is set to false_" is suspect in an authentication setting. Are you saying that the protocol of `${this.url}` is `http` and not `https`? – Randy Casburn Dec 04 '20 at 22:16
  • Yes. There's not actually any valuable data that can be accessed if someone were to bypass the authentication here, it's a school project. – schwem00 Dec 04 '20 at 22:21
  • You sure there isn’t a redirect happening or a proxy in effect? – MikeOne Dec 04 '20 at 23:00
  • Can it be related to [this](https://github.com/stevermeister/ngx-cookie-service/issues/86) issue? – da-sha1 Dec 04 '20 at 23:05
  • Yup, absolutely sure. Neither are used. @MikeOne. – schwem00 Dec 04 '20 at 23:24
  • The cookie is being set according to chrome dev tools, and the same issue happens in other browsers as well @da-sha1 – schwem00 Dec 04 '20 at 23:24
  • If you specify the path while setting the cookies it should work. this.CookieService.set("token", token, undefined, '/', undefined, false); – Rajat Dec 05 '20 at 17:44
  • The cookie gets set in '/' by default, I can see it in chrome. Tried it just incase but still wouldn't send. – schwem00 Dec 06 '20 at 19:27

0 Answers0