Cookies are not set in the browser but are present in the response headers (label: support — questions, discussions, and general support)
ram-livwell opened this issue · comments
Hey, I'm trying to set a cookie through the response headers.
I tried two methods; neither of them worked.
# METHOD 1
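// Login route (hapi): validates the JSON payload, issues an access token and a
// refresh token, and attaches the refresh token to the response as a cookie.
//
// NOTE(review): `password` is validated as present but never checked in this
// handler, so tokens are issued for any username. Presumably credential
// verification was omitted from the sample; confirm it exists in the real code.
server.route({
  method: 'POST',
  path: '/login',
  options: {
    validate: {
      payload: Joi.object({
        username: Joi.string().required(),
        password: Joi.string().required(),
      }),
    },
  },
  handler: (request, h) => {
    // `username` has to be read from the validated payload; referencing it
    // without this line throws a ReferenceError before any cookie is set.
    const { username } = request.payload;

    const accessToken = generateAccessToken(username);
    const refreshToken = generateRefreshToken(username);

    // NOTE(review): the refresh token is also returned in the JSON body, which
    // exposes it to page script and undoes the protection of an HttpOnly
    // cookie. The body shape is kept for existing callers; consider returning
    // only the access token.
    const response = h.response({ accessToken, refreshToken });

    const refreshTokenOptions = {
      // hapi's `ttl` is in milliseconds; 60 * 60 * 24 alone would expire the
      // cookie after about 86 seconds instead of 24 hours.
      ttl: 60 * 60 * 24 * 1000,
      encoding: 'none',
      // Only acceptable for plain-HTTP local development. Over HTTPS this must
      // be true, and browsers require Secure for any SameSite=None cookie.
      isSecure: false,
      // A refresh token should not be readable from document.cookie.
      isHttpOnly: true,
      path: '/',
      // domain: '.abc.com',
      strictHeader: true,
      // `isSameSite` is left at hapi's default ('Strict'). If the page calling
      // /login is served from a different site, browsers may refuse to store
      // the cookie from this response. TODO confirm against the deployment.
    };
    response.state('refreshToken', refreshToken, refreshTokenOptions);

    return response;
  },
});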
# METHOD 2
const cookie = require('cookie');
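// Login route (hapi): validates the JSON payload, issues an access token and a
// refresh token, and sets the refresh token through a hand-built Set-Cookie
// header produced by the `cookie` package.
//
// NOTE(review): `password` is validated as present but never checked in this
// handler. Presumably credential verification was omitted from the sample;
// confirm it exists in the real code.
server.route({
  method: 'POST',
  path: '/login',
  options: {
    validate: {
      payload: Joi.object({
        username: Joi.string().required(),
        password: Joi.string().required(),
      }),
    },
  },
  handler: (request, h) => {
    // `username` has to be read from the validated payload; referencing it
    // without this line throws a ReferenceError.
    const { username } = request.payload;

    const accessToken = generateAccessToken(username);
    const refreshToken = generateRefreshToken(username);

    const refreshTokenCookie = cookie.serialize('refreshToken', refreshToken, {
      httpOnly: true,
      // The option name is lower-case `secure`; a key spelled `Secure` is
      // ignored. False is only acceptable for plain-HTTP local development,
      // and browsers require Secure for any SameSite=None cookie.
      secure: false,
      // sameSite: 'Lax',
      // `cookie.serialize` has no `ttl` option; lifetime is `maxAge`, in
      // seconds. Refresh tokens can last longer than access tokens.
      maxAge: 60 * 60 * 24,
      path: '/',
    });

    // NOTE(review): the refresh token is also returned in the JSON body, which
    // exposes it to page script despite the HttpOnly cookie. The body shape is
    // kept for existing callers; consider returning only the access token.
    const response = h.response({ accessToken, refreshToken });
    response.header('Set-Cookie', refreshTokenCookie);

    // A header visible in dev tools is not proof the browser stored it: for a
    // cross-origin fetch/XHR the cookie is kept only when the client sends the
    // request with credentials enabled and the CORS response permits them.
    return response;
  },
});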
With the 2nd method I can see the token in the response headers, but not in the browser's cookies.
My CORS settings are:
// Request header names accepted by the CORS policy. The same list is supplied
// for both `headers` and `additionalHeaders` below.
// NOTE(review): "access-control-allow-origin" is a response header, so listing
// it as an allowed request header looks unnecessary. Confirm before removing.
const corsRequestHeaders = [
  'Accept',
  'api_key',
  'authorization',
  'Content-Type',
  'If-None-Match',
  'platform',
  'timezone',
  'language',
  'access-control-allow-origin',
];

// hapi server with a route-level CORS policy applied to every route.
const server = new Server({
  port: config.SERVER.PORT,
  routes: {
    cors: {
      // NOTE(review): "any origin" combined with `credentials: true` is unsafe
      // either way it is rendered. Browsers reject a credentialed response
      // whose Access-Control-Allow-Origin is `*`, and if the framework echoes
      // the caller's Origin instead, every site may make credentialed requests.
      // Replace with an explicit allow-list of the front-end origins.
      origin: ['*'],
      credentials: true,
      headers: [...corsRequestHeaders],
      additionalHeaders: [...corsRequestHeaders], // sometime required
      // NOTE(review): Set-Cookie is never exposed to page script by browsers,
      // so this entry does not affect whether the cookie is stored.
      exposedHeaders: ['Set-cookie'],
    },
  },
});
But it is still not working. Is something wrong on my side? Kindly advise.
Duplicate of #4443.
Can I get a response on this issue?
Try:
// Handler fragment: build the JSON response, attach a custom header to it,
// and return it from the route handler.
const reply = h.response({ success: true });
reply.header('X-Custom', 'some-value');
return reply;