System Information
- Strapi Version: 3.6.2
- Operating System: Ubuntu 20.04
- Database: PostgreSQL
- Node Version: 14.16.0
- NPM Version: 7.12.0
- Yarn Version: 1.22.10
Hi,
My goal is to set a cookie (secure, samesite="lax") from a custom component in the admin panel so it is sent with every request to the Strapi API via the content-manager. The cookie holds some admin user preferences that I would like to be read by a custom policy in the backend.
In my staging environment, where I serve both the Strapi API and admin UI from the same domain (my-app.example.com), I can do the above successfully.
However, in production, when I serve the Strapi API at https://api.example.com and serve the admin UI from Netlify at https://admin.example.com, the cookie is set but it isn't sent with requests made via the content-manager. Also, requests made via a local plugin using axios send the cookie successfully.
I've set the cookie domain to "example.com" and also tried ".example.com", but to no avail.
I'm using nginx as a reverse proxy in front of the Strapi app. Also, I'm using Cloudflare DNS to proxy my API server.
Does anyone have any idea what's going on?
Here is my server.js in production:
  module.exports = ({ env }) => ({
    host: env("HOST", "0.0.0.0"),
    port: env.int("PORT", 1337),
    // Trust X-Forwarded-* headers from nginx/Cloudflare so Strapi sees the https scheme
    proxy: true,
    url: env("API_URL", "https://api.example.com"),
    admin: {
      auth: {
        // The fallback value is only a placeholder; ADMIN_JWT_SECRET must be set in production
        secret: env("ADMIN_JWT_SECRET", "53cr3t"),
      },
      // The admin UI is built separately and hosted on Netlify, so Strapi does not serve it
      url: env("ADMIN_FRONTEND_URL", "https://admin.example.com"),
      serveAdminPanel: false,
      watchIgnoreFiles: ["**/todos/**"],
    },
    cron: {
      enabled: true,
    },
  });
And here is my middleware.js:
  module.exports = ({ env }) => ({
    settings: {
      cors: {
        // Explicit origin list: a wildcard cannot be combined with credentials
        origin: [
          "https://admin.example.com"
        ],
        // Request headers the browser may send on cross-origin calls
        headers: [
          "Content-Type",
          "Authorization",
          "X-Frame-Options",
          "X-SLABS-LOCATIONS",
        ],
        // Emits Access-Control-Allow-Credentials: true so the browser may attach cookies
        credentials: true,
        // Response headers the admin UI is allowed to read
        expose: ["WWW-Authenticate", "Server-Authorization", "X-SLABS-LOCATIONS"],
      },
      parser: {
        enabled: true,
        includeUnparsed: true,
      },
      // Response cache (strapi-middleware-cache options) backed by Redis
      cache: {
        enabled: true,
        type: "redis",
        maxAge: 3600000,
        redisConfig: {
          host: env("REDIS_HOST", "0.0.0.0"),
          port: env("REDIS_PORT", 6379),
        },
        models: [
          "booked-treatments",
          "booking-statuses",
          "customers",
          "opening-hours",
          "provided-treatments",
          "locations",
          "session-types",
          "timeslot-statuses",
          {
            model: "public/locations",
          },
        ],
        enableEtagSupport: true,
        populateContext: true,
      },
      "upload-plugin-cache": {
        enabled: true,
        maxAge: 86400000,
        dynamic: true,
        lruCache: {
          max: 1000,
        },
      },
    },
  });
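As an added example that is not part of the original post, the following Node.js script models the browser rules that decide whether a cookie set from the admin UI is attached to a request to the API: Domain match, Path, Secure, SameSite, and the request's credentials mode (fetch `credentials`, or `withCredentials` for axios). It also models the two Strapi CORS settings from the middleware.js above that a credentialed cross-origin response depends on. The function names (`buildCookie`, `parseCookie`, `cookieWouldBeSent`, `corsAllowsCredentials`), the cookie `admin_prefs`, and the staging/production scenarios are constructed for illustration; the registrable-domain check takes the last two host labels and is a simplification (no public suffix list).

```javascript
// Added example, not code from the original post: a model of the browser rules that
// decide whether a cookie set by the admin UI travels with a request to the API.
// Assumptions: hostnames end in a two-label registrable domain (no public suffix
// list), and `credentials` is the fetch() mode ('omit' | 'same-origin' | 'include');
// axios `withCredentials: true` corresponds to 'include'.

// Serialise cookie attributes the way document.cookie / Set-Cookie expects them.
function buildCookie({ name, value, domain, path = '/', secure = true, sameSite = 'Lax' }) {
  if (sameSite === 'None' && !secure) {
    throw new Error('SameSite=None cookies must also be Secure');
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (domain) parts.push(`Domain=${domain.replace(/^\./, '')}`); // a leading dot is ignored by browsers
  if (secure) parts.push('Secure');
  parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}

// Parse the string back into the attribute object a cookie jar would store.
// Missing SameSite is treated as Lax (the current Chromium default; assumption).
function parseCookie(str) {
  const [pair, ...attrs] = str.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: decodeURIComponent(pair.slice(eq + 1)),
                   domain: null, path: '/', secure: false, sameSite: 'Lax' };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    switch (k.toLowerCase()) {
      case 'domain': cookie.domain = v.replace(/^\./, '').toLowerCase(); break;
      case 'path': cookie.path = v; break;
      case 'secure': cookie.secure = true; break;
      case 'samesite': cookie.sameSite = v[0].toUpperCase() + v.slice(1).toLowerCase(); break;
    }
  }
  return cookie;
}

// Simplified "site": scheme plus the last two host labels (assumption, see above).
const siteOf = (u) => `${u.protocol}//${u.hostname.split('.').slice(-2).join('.')}`;
const domainMatches = (host, domain) => host === domain || host.endsWith(`.${domain}`);

// Returns { sent, reasons }: sent is true only when every rule passes.
function cookieWouldBeSent(cookie, { pageOrigin, targetUrl, credentials = 'same-origin',
                                      topLevelNavigation = false, method = 'GET' }) {
  const page = new URL(pageOrigin);
  const target = new URL(targetUrl);
  const reasons = [];
  // Without a Domain attribute the cookie is host-only for the host that set it (the page)
  const hostOk = cookie.domain ? domainMatches(target.hostname, cookie.domain)
                               : target.hostname === page.hostname;
  if (!hostOk) reasons.push('request host does not match cookie Domain');
  if (!target.pathname.startsWith(cookie.path)) reasons.push('request path outside cookie Path');
  if (cookie.secure && target.protocol !== 'https:') reasons.push('Secure cookie, non-https request');
  const sameSite = siteOf(page) === siteOf(target);
  const crossSiteAllowed = cookie.sameSite === 'None' ||
    (cookie.sameSite === 'Lax' && topLevelNavigation && method === 'GET');
  if (!sameSite && !crossSiteAllowed) reasons.push(`SameSite=${cookie.sameSite} blocks this cross-site request`);
  if (credentials === 'omit') {
    reasons.push("credentials: 'omit' never sends cookies");
  } else if (credentials === 'same-origin' && page.origin !== target.origin) {
    reasons.push("credentials: 'same-origin' drops cookies on cross-origin requests; use credentials: 'include' (axios withCredentials: true)");
  }
  return { sent: reasons.length === 0, reasons };
}

// Server side of a credentialed cross-origin request: the response is only exposed to the
// page when its origin is echoed back (no wildcard) and Access-Control-Allow-Credentials is
// true. Mirrors the `origin` and `credentials` keys of the cors settings in middleware.js.
function corsAllowsCredentials(corsSettings, pageOrigin) {
  const origins = Array.isArray(corsSettings.origin) ? corsSettings.origin : [corsSettings.origin];
  return corsSettings.credentials === true && origins.includes(pageOrigin) && !origins.includes('*');
}

// Constructed scenarios matching the post: same-origin staging vs. split production hosts.
const prefs = parseCookie(buildCookie({ name: 'admin_prefs', value: 'layout=compact', domain: '.example.com' }));
const staging = cookieWouldBeSent(prefs, {
  pageOrigin: 'https://my-app.example.com', targetUrl: 'https://my-app.example.com/content-manager/explorer' });
const prodDefault = cookieWouldBeSent(prefs, {
  pageOrigin: 'https://admin.example.com', targetUrl: 'https://api.example.com/content-manager/explorer' });
const prodInclude = cookieWouldBeSent(prefs, {
  pageOrigin: 'https://admin.example.com', targetUrl: 'https://api.example.com/content-manager/explorer',
  credentials: 'include' });
console.log({ staging: staging.sent, prodDefault, prodInclude: prodInclude.sent });
```

With `Domain=example.com`, `Secure` and `SameSite=Lax`, a request from `https://admin.example.com` to `https://api.example.com` passes the domain, scheme and same-site checks (both hosts share the site `example.com`), so the only rule left in the model that can drop the cookie is the request's credentials mode: a cross-origin `fetch` without `credentials: 'include'` omits cookies even when every cookie attribute is right, which is the difference the model shows between the default `prodDefault` and the `prodInclude` scenario.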