
I have a Next.js app running at a domain like https://client.mydomain.com that makes calls (from the browser, not getServerSideProps or micro API) to an Express API at https://api.mydomain.com. The API returns a cookie (Secure, SameSite='none', long Expires). I can see the cookie in the response, and subsequent calls to the API from the browser will include the cookie correctly, but the cookie is never set on https://client.mydomain.com. So if I return to https://client.mydomain.com, the cookie is not present. It's like it somehow pertains to the shared singleton axios instance.

How do I allow the cookie to pass through correctly from the API domain > client domain > browser, to be set on https://client.mydomain.com? I can extract the cookie from the API in the axios call response in the client browser and manually set it via document.cookie of course, but surely I can simply allow it to pass through somehow from the API?

Express

https://api.mydomain.com

```javascript
...
app.use(
  cors({
    origin: ['https://client.mydomain.com', 'https://localhost:80'],
    credentials: true,
    exposedHeaders: 'Set-Cookie',
  }),
);
...
res.cookie('mycookie', 'hello', {
  sameSite: 'none',
  secure: true,
  expires: tokenExpires,
});
...
```

Next.js App

https://client.mydomain.com

```javascript
const response = await axios.get('/', {
  withCredentials: true,
});
```

Response Header

```
set-cookie: mycookie=hello; Path=/; Expires=Fri, 29 Apr 2022 21:43:00 GMT; Secure; SameSite=None
```

Yet no cookie is persisted if I check the Application tab in Chrome, or run document.cookie after the requests to the API.

Boon
  • Does this answer your question: [Share cookie between subdomain and domain](https://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain)? – juliomalves Apr 30 '22 at 12:46
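
Added example, not part of the original question or comment: a small model of RFC 6265 cookie scoping applied to the response header shown above, showing that a cookie with no `Domain` attribute is host-only to api.mydomain.com. The helper names, the `Domain=mydomain.com` variant and the third host are constructed for illustration, and the public-suffix check browsers also apply is left out.

```javascript
// Added example: RFC 6265 cookie scoping for the hosts named in the question.
// parseSetCookie / domainMatch / cookieVisibleTo are hypothetical helper names.

// Parse a Set-Cookie header value into name, value and lower-cased attribute keys.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// RFC 6265 section 5.1.3: identical host, or host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Decide whether a cookie stored from `setByHost` is in scope for `pageHost`.
function cookieVisibleTo(header, setByHost, pageHost) {
  const { attrs } = parseSetCookie(header);
  if (typeof attrs.domain !== 'string' || attrs.domain === '') {
    // No Domain attribute: host-only cookie, exact host match required.
    return pageHost.toLowerCase() === setByHost.toLowerCase();
  }
  const domain = attrs.domain.replace(/^\./, ''); // a leading dot is ignored
  // A server may only set a Domain that its own host domain-matches.
  if (!domainMatch(setByHost, domain)) return false;
  return domainMatch(pageHost, domain);
}

// Header from the question, and a constructed variant with a Domain attribute.
const asSent = 'mycookie=hello; Path=/; Expires=Fri, 29 Apr 2022 21:43:00 GMT; Secure; SameSite=None';
const withDomain = asSent + '; Domain=mydomain.com';

for (const host of ['api.mydomain.com', 'client.mydomain.com', 'other.mydomain.com']) {
  console.log(host, cookieVisibleTo(asSent, 'api.mydomain.com', host),
    cookieVisibleTo(withDomain, 'api.mydomain.com', host));
}
```

A `Domain` attribute puts the cookie in scope for every subdomain of that domain, and since the header shown carries no `HttpOnly`, script on any of those hosts could then read it through `document.cookie`.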
