I have the following scenario with both my FE and BE hosted on Heroku's free dynos.

My Express BE sets a cookie in the following way on the POST login request:

```javascript
router.post('/login', isGuest, async (req, res) => {
  const { email, password } = req.body;
  try {
    let { token, userId, userEmail, userAvatar } = await authService.login({
      email,
      password,
    });

    res.status(200).json({
      userId,
      userEmail,
      userAvatar,
    });
    res.cookie(AUTH_COOKIE_NAME, token, {
      secure: true,
      sameSite: 'none',
    });
  } catch (error) {
    res.status(500).json({ message: error.message });
  }
});
```

This is my CORS configuration:

```javascript
const corsConfig = {
  credentials: true,
  origin: true,
};
```

This works great on Chrome and FF, but on Safari the cookie is not being set. I read through all the issues on Safari not being able to set cookies and tried to specify a domain in the cookie. I also tried chaining the response like this: `res.cookie(...).status(200).json()`, but still had no luck.

Any ideas on what I should change so I can set the cookie successfully on Safari too?

If I can add any further information that could be helpful let me know.

  • Does this answer your question? [Safari not sending cookie even after setting SameSite=None; Secure](https://stackoverflow.com/questions/58525719/safari-not-sending-cookie-even-after-setting-samesite-none-secure) – jub0bs Jan 14 '22 at 13:20
  • Thanks, @jub0bs. I've gone through this one before posting. Sadly, it seems that Safari cannot be easily dealt with so I just re-implemented my authentication to use Passport.js and it works now. – Tsvetislav Todorov Jan 14 '22 at 19:49

0 Answers
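An added example, not part of the original question or the poster's code: a check of whether a front end and an API are the same site, which decides whether the auth cookie is a third-party cookie. `herokuapp.com` is on the Public Suffix List, so two apps under it are cross-site, and Safari blocks third-party cookies by default even with `SameSite=None; Secure`. The hostnames, the two-entry suffix list, the `httpOnly` choice and the allowlist helper are assumptions made for illustration.

```javascript
// Added example. Hostnames and the suffix list below are constructed.
// herokuapp.com is listed in the Public Suffix List, so each app under it
// is a separate site; "com" stands in for ordinary registrable domains.
const PUBLIC_SUFFIXES = new Set(['com', 'herokuapp.com']);

// Registrable domain (eTLD+1): longest matching public suffix plus one label.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split('.');
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join('.'))) {
      return i === 0 ? null : labels.slice(i - 1).join('.');
    }
  }
  return null; // suffix not covered by the constructed list
}

// True when both origins share a registrable domain.
// The scheme is not compared here; both origins are assumed to be https.
function isSameSite(frontendOrigin, apiOrigin) {
  const fe = registrableDomain(new URL(frontendOrigin).hostname);
  const be = registrableDomain(new URL(apiOrigin).hostname);
  return fe !== null && fe === be;
}

// Decide the auth cookie attributes from the deployment topology.
function authCookiePlan(frontendOrigin, apiOrigin) {
  const firstParty = isSameSite(frontendOrigin, apiOrigin);
  return {
    thirdParty: !firstParty, // true: dropped by browsers that block third-party cookies
    // httpOnly is an added hardening assumption: the token is not read by page scripts.
    options: { httpOnly: true, secure: true, sameSite: firstParty ? 'lax' : 'none' },
  };
}

// Replacement for `origin: true`, which reflects any origin while
// `credentials: true` allows cookies: only allowlisted front ends pass.
function makeCorsOrigin(allowedOrigins) {
  const allowed = new Set(allowedOrigins);
  return (origin, callback) => callback(null, allowed.has(origin));
}

// Constructed deployments: two Heroku apps versus one custom domain.
const heroku = authCookiePlan('https://my-fe.herokuapp.com', 'https://my-be.herokuapp.com');
const custom = authCookiePlan('https://app.example.com', 'https://api.example.com');
console.log('herokuapp.com pair:', heroku);
console.log('custom domain pair:', custom);
```

The `options` object is shaped for Express's `res.cookie(name, value, options)`, called before the response body is sent, and the function returned by `makeCorsOrigin` fits the `origin` field of the `cors` middleware configuration.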