hapijs / hapi

The Simple, Secure Framework Developers Trust

Home Page: https://hapi.dev


Cookies are not set in browser but are there response headers

ram-livwell opened this issue

Hey, I'm trying to set up the cookie in response headers.

I tried two methods; neither of them worked.

# METHOD 1

```js
server.route({
    method: 'POST',
    path: '/login',
    options: {
      validate: {
        payload: Joi.object({
          username: Joi.string().required(),
          password: Joi.string().required()
        })
      }
    },
    handler: (request, h) => {
      // The validated payload carries the username
      const { username } = request.payload;

      // Generate a new access token
      const accessToken = generateAccessToken(username);

      // Generate a new refresh token
      const refreshToken = generateRefreshToken(username);

      const response = h.response({ accessToken, refreshToken });
      const refreshTokenOptions = {
        ttl: 60 * 60 * 24,
        encoding: 'none',
        isSecure: false,
        isHttpOnly: false,
        path: '/',
        // domain: '.abc.com',
        strictHeader: true,
      };
      response.state('refreshToken', refreshToken, refreshTokenOptions);
      return response;
    }
  });
```

# METHOD 2

```js
const cookie = require('cookie');

server.route({
    method: 'POST',
    path: '/login',
    options: {
      validate: {
        payload: Joi.object({
          username: Joi.string().required(),
          password: Joi.string().required()
        })
      }
    },
    handler: (request, h) => {
      // The validated payload carries the username
      const { username } = request.payload;

      // Generate a new access token
      const accessToken = generateAccessToken(username);

      // Generate a new refresh token
      const refreshToken = generateRefreshToken(username);

      // Serialize the refresh token into a Set-Cookie header value
      const refreshTokenCookie = cookie.serialize('refreshToken', refreshToken, {
        httpOnly: true,
        Secure: false,
        // sameSite: 'Lax',
        ttl: 60 * 60 * 24, // Refresh tokens can last longer than access tokens
        // secure: false,
        path: '/'
      });

      const response = h.response({ accessToken, refreshToken });
      response.header('Set-Cookie', refreshTokenCookie);
      //   response.state('refreshToken', result.data.accessToken, refreshTokenCookie);
      //   Return a 200 OK response with the access token
      return response;
    }
  });
```

But with the 2nd method I can see the token in the response headers but not in the browser cookies.

And my CORS settings are:

```js
const server = new Server({
	port: config.SERVER.PORT,
	routes: {
		cors: {
			origin: ["*"],
			credentials: true,
			headers: ["Accept", "api_key", "authorization", "Content-Type", "If-None-Match", "platform", "timezone", "language", "access-control-allow-origin"],
			additionalHeaders: ["Accept", "api_key", "authorization", "Content-Type", "If-None-Match", "platform", "timezone", "language", "access-control-allow-origin"], // sometimes required
			exposedHeaders: ["Set-cookie"],
		}
	}
});
```

But still, it is not working. Is anything wrong on my side? Kindly advise.
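For checking what a `Set-Cookie` header like the one in the question actually carries, the following is an added example, not code from the issue or from hapi. It parses one header value and lists attribute gaps that matter for a refresh-token cookie; the function names and the sample header are constructed for illustration.

```javascript
// Added example: audit one Set-Cookie header value for a token cookie.
// parseSetCookie and auditSetCookie are hypothetical helper names.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flags such as HttpOnly have no value
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

function auditSetCookie(header) {
  const { attrs } = parseSetCookie(header);
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
  const findings = [];
  // Without HttpOnly the token is readable by script running in the page
  if (!attrs.httponly) findings.push('no-httponly');
  // Without Secure the cookie can be sent over plain HTTP
  if (!attrs.secure) findings.push('no-secure');
  // Chromium-based browsers reject SameSite=None cookies that lack Secure
  if (sameSite === 'none' && !attrs.secure) findings.push('samesite-none-without-secure');
  // With no SameSite attribute the browser's own default applies
  if (!sameSite) findings.push('no-samesite');
  // With neither Max-Age nor Expires the cookie lasts only for the browser session
  if (!('max-age' in attrs) && !attrs.expires) findings.push('session-only');
  return findings;
}

// Constructed sample: a header with only Path and HttpOnly set
const sample = 'refreshToken=constructed-token-value; Path=/; HttpOnly';
console.log(parseSetCookie(sample).name, auditSetCookie(sample));
```
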

Duplicate of #4443.

Can I get a response to this issue?

Try:

```js
return h.response({ success: true }).header('X-Custom', 'some-value');
```

See https://hapi.dev/api/?v=21.3.1#-hresponsevalue