I have a website on Firebase Hosting and a cloud function in Firebase Functions so that users can log in.
I'm calling /login from the frontend by:

    await fetch("https://us-central1-xxxx-website.cloudfunctions.net/api/login", {
      method: "POST",
      credentials: "include",
      headers: {
        "Accept": "application/json",
        "Content-Type": "application/json"
      },
      body: JSON.stringify({ token })
    })

As you can see I include the credentials, and I use the cloudfunctions.net domain. I also tried by using my own domain name, but same result.
In my function I want to send the session token as a cookie:

    app.post("/login", async (req, res) => {
      // ...
      res.cookie("__session", sessionCookie, {
        expires: new Date(new Date().getTime() + expiresIn), // Add 2 weeks (in milliseconds) to the current epoch
        httpOnly: false,
        secure: true,
        sameSite: 'lax',
        domain: req.get('host')
      });
      return res.sendStatus(200);
    });

However on browser side I get:
Same as in the frontend, I also tried using origin in domain, or even explicitly setting either my own domain or the cloudfunctions.net domain.
In all cases and combinations the cookie can't be set.
I tried samesite none, same.
I have no 3rd party blocker set up, and this works on another project of mine. I don't get what is wrong there...
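
A way to reason about which `Set-Cookie` combinations a browser will store, as an added example that is not part of the original post: it models the RFC 6265 domain-match rule and the SameSite rule for cross-site `fetch` responses, which goes slightly beyond the single combination shown above. `SITE_HOST` is a constructed placeholder for the page's host, and the public-suffix set is a small constructed sample (assumption: browsers consult the full Public Suffix List, and both origins are https).

```javascript
// Constructed sample of public suffixes (assumption; real browsers use the full list).
const SAMPLE_SUFFIXES = new Set(["com", "net", "app", "web.app", "cloudfunctions.net"]);
const FN_HOST = "us-central1-xxxx-website.cloudfunctions.net"; // host shown in the post
const SITE_HOST = "example-site.web.app"; // constructed placeholder for the page's host

// Longest matching public suffix plus one label; null if the host is itself a suffix.
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    if (SAMPLE_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// RFC 6265 section 5.1.3 domain-match (IP-address hosts are out of scope here).
function domainMatches(requestHost, cookieDomain) {
  return requestHost === cookieDomain || requestHost.endsWith("." + cookieDomain);
}

// Reasons a browser would drop the Set-Cookie; an empty array means it passes these rules.
// Third-party cookie blocking in the browser is a separate policy and is not modelled.
function setCookieRejections({ pageHost, requestHost, domain, sameSite = "lax", secure = false }) {
  const reasons = [];
  const host = requestHost.toLowerCase();
  const attr = (domain || "").toLowerCase().replace(/^\./, "");
  if (attr && SAMPLE_SUFFIXES.has(attr) && attr !== host) {
    reasons.push("Domain is a public suffix");
  } else if (attr && !domainMatches(host, attr)) {
    reasons.push("Domain does not match the responding host");
  }
  if (sameSite === "none" && !secure) reasons.push("SameSite=None requires Secure");
  const crossSite = registrableDomain(pageHost) !== registrableDomain(host);
  if (crossSite && sameSite !== "none") {
    reasons.push("SameSite=" + sameSite + " cookie on a cross-site fetch response");
  }
  return reasons;
}

// The combination from the post: Domain = responding host, SameSite=Lax, cross-site fetch.
console.log(setCookieRejections({
  pageHost: SITE_HOST, requestHost: FN_HOST, domain: FN_HOST, sameSite: "lax", secure: true,
}));
```
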