I run ASP.NET web api project, a microservice in docker container. I have React + Vite app in another container. I´m trying to send an http cookie from that microservice to the fronted. I can see the cookie in the response in Set-cookie, however my browser refuses to store it (Application -> Cookies ), also the cookie ins not present in a request.
In my hosts file I have:
127.0.0.1 praxeosu.local
127.0.0.1 auth.praxeosu.local
var cookieOptions = new CookieOptions
{
HttpOnly = true,
Secure = true,
SameSite = SameSiteMode.None,
IsEssential = true,
Expires = DateTime.UtcNow.AddHours(3),
Domain = "auth.praxeosu.local" //note I also tried praxeosu.local or with dot at beginning - no success
};
Appending to the request in endpoint:
Response.Cookies.Append("Bearer", result.Data.Token, result.Data.Cookie);
return Ok();
My CORS setup
builder.Services.AddCors(options =>
{
options.AddPolicy("AllowAll",
builder => builder.AllowAnyMethod()
.WithOrigins("https://praxeosu.local", "https://praxeosu.local:5001", "https://auth.praxeosu.local:5001")
.AllowAnyHeader()
.AllowCredentials());
});
In the React I use axios and I have set withCredentials to true.
My NGINX:
server {
listen 443 ssl http2;
server_name praxeosu.local;
ssl_certificate /etc/nginx/ssl/praxeosu.local.crt;
ssl_certificate_key /etc/nginx/ssl/private/praxeosu.local.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256";
location / {
root /usr/share/nginx/html;
try_files $uri /index.html;
}
}
# NGINX konfigurace pro Authorization Service API
server {
listen 443 ssl http2;
server_name auth.praxeosu.local;
ssl_certificate /etc/nginx/ssl/praxeosu.local.crt;
ssl_certificate_key /etc/nginx/ssl/private/praxeosu.local.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256";
location / {
proxy_pass https://authorizationservice:5001;
proxy_set_header Host auth.praxeosu.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I have self signed certificates and browsers do not have problems with them and it is shown that the frontend is running on secure https (same for the backend when i open swagger)
However the browser still does not save the cookie, and I dont know where else the problem can be. Mybe its stupid question, but I am novice regarding the cookies, react and nginx
Thank you, Lukas
I tried to change the domain in the cookies, change the SameSite mode etc. browser still refuses to save the cookie, and send it back with requests.
SOLUTION:
I was totally blind as the react did not tell a word.
Solution was this:
const response = await axios.post('/api/v1/auth/login', { email: `${email}@osu.cz`, password: password }, { withCredentials: true });
I had to move the withCredentials into separate brackets. The original code was this:
const response = await axios.post('/api/v1/auth/login', {
email: `${email}@osu.cz`,
password: password,
withCredentials: true
});
Note the difference. Maybe it will help someone as blind as me, no offense :)
Thank you, Lukas