
So, I have a frontend Vite app hosted on Netlify (link), and a backend API written in Express hosted on Railway. When testing locally, the server is able to set cookies during the redirect for Google OAuth. However, in production it does not seem to work. The Set-Cookie header is present, but the cookie isn't set. The code for setting the cookie is the following.

// Express: set the refresh token as a cross-site cookie on the OAuth redirect response
res.cookie("refresh_token", googleUserData.tokens.refreshToken, {
    httpOnly: true,              // not readable from page JavaScript
    secure: true,                // only sent over HTTPS (required together with sameSite: "none")
    maxAge: refreshTokenMaxAge,  // lifetime in milliseconds
    sameSite: "none",            // allow the cookie on cross-site requests
});

Tested on localhost, everything worked fine. After deploying, cookies are not being set by the backend hosted on Railway.

  • When I had such an issue it was related to `sameSite: 'strict'`, so I used a proxy in my React API calls, but yours has `sameSite: 'none'` even in production? You are sure about that? – Aleksandar Apr 11 '23 at 13:09
  • In DevTools in the Network tab I noticed a request at `/users/me` is failing even before the request for `/auth/refresh`, in that `me` request you have *Request Headers* with `authorization: Bearer null`, aren't you supposed to have accessToken in there that could be used to request refreshToken? But when logging in with Google I noticed *accessToken* is set to my *localStorage*, when refreshing this accessToken is being sent in the `me` request, but its response is failing; so the issue isn't in the code you've provided. – Aleksandar Apr 11 '23 at 13:27
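An added checker (not code from the question or its comments) that spells out the browser rules behind this symptom: a cookie with SameSite=None must also be Secure, a Secure cookie is only accepted from an HTTPS response, and a later cross-site fetch() only carries it when it uses credentials: 'include' and the API answers with the exact Access-Control-Allow-Origin plus Access-Control-Allow-Credentials: true. Host names, header values and the ctx fields are constructed assumptions.

```javascript
// Added example: diagnose why a cookie set by an API on one site (the backend)
// is not stored, or not sent back, by the browser for a frontend on another site.
// All hosts, origins and header values here are constructed for illustration.

// Parse a Set-Cookie header value into { name, value, attrs } (attribute names lower-cased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf("=");
    attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Reasons the browser would refuse to STORE the cookie from the response that set it
// (e.g. the OAuth redirect). backendHost: host that sent it; https: whether over TLS.
function storeProblems(setCookie, { backendHost, https }) {
  const { attrs } = parseSetCookie(setCookie);
  const sameSite = String(attrs.samesite || "lax").toLowerCase();
  const out = [];
  if (sameSite === "none" && !attrs.secure) out.push("SameSite=None without Secure is rejected");
  if (attrs.secure && !https) out.push("Secure cookie from a non-HTTPS response is rejected");
  if (typeof attrs.domain === "string") {
    const d = attrs.domain.replace(/^\./, "").toLowerCase();
    if (backendHost !== d && !backendHost.endsWith("." + d)) out.push(`Domain=${attrs.domain} does not cover ${backendHost}`);
  }
  return out;
}

// Reasons the stored cookie would NOT be attached to a later cross-site fetch() from the
// frontend, or the response would be hidden from the page by CORS. corsHeaders: lower-cased
// response headers; thirdPartyBlocked: the browser refuses third-party cookies entirely.
function sendProblems(setCookie, { frontendOrigin, backendOrigin, credentialsInclude, corsHeaders, thirdPartyBlocked }) {
  const { attrs } = parseSetCookie(setCookie);
  const sameSite = String(attrs.samesite || "lax").toLowerCase();
  const out = [];
  if (frontendOrigin === backendOrigin) return out; // same-origin: none of the checks below apply
  if (sameSite !== "none") out.push(`SameSite=${sameSite} is not sent on cross-site requests`);
  if (!credentialsInclude) out.push("fetch() needs credentials: 'include' to send or accept cookies cross-site");
  if (corsHeaders["access-control-allow-origin"] !== frontendOrigin) out.push("Access-Control-Allow-Origin must echo the exact frontend origin (not *)");
  if (corsHeaders["access-control-allow-credentials"] !== "true") out.push("Access-Control-Allow-Credentials: true is missing");
  if (thirdPartyBlocked) out.push("browser blocks third-party cookies, so two different sites cannot share this cookie");
  return out;
}
```

Running both functions against the Set-Cookie value and CORS headers seen in the DevTools Network tab narrows the problem to the storing step (redirect response) or the sending step (later fetch from the frontend).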
