So I extended the callback function from the auth controller from the users & permissions plugin, and upon logging in I am setting an HTTP-only cookie like this:
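```javascript
// Issue a JWT for the authenticated user via the users-permissions plugin
const jwt = strapi
  .plugin('users-permissions')
  .service('jwt')
  .issue({ id: user.id });

// Store the JWT in a cookie that client-side scripts cannot read
ctx.cookies.set('token', jwt, {
  httpOnly: true,
  secure: process.env.NODE_ENV === 'production',
  maxAge: 1000 * 60 * 60 * 24 * 7, // 7 days
  sameSite: 'strict',
});
```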
I am getting the cookie on the response headers, but now when I am trying to send the cookie on every request in my frontend app (it's a Remix app), the cookie doesn't seem to be sent and I get a CORS error.
This is how I set up my axios client to send the HTTP-only cookie on every request.
```javascript
function createApiClient() {
  return axios.create({
    baseURL,
    withCredentials: true, // ask the browser to include cookies on cross-origin requests
    headers: {
      'Content-Type': 'application/json',
    },
  });
}
```
On the frontend I am just using a mutation from react-query to login
```javascript
const { mutate } = useMutation({
  mutationFn: async () => {
    await login('user@strapi.io', 'strapiPassword');
  },
});
```
Strapi - middleware.ts
```typescript
export default [
  'strapi::logger',
  'strapi::errors',
  'strapi::security',
  {
    name: 'strapi::cors',
    config: {
      origin: ['http://localhost:5174'],
      methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
      headers: ['Content-Type', 'Authorization', 'Origin', 'Accept'],
      keepHeaderOnError: true,
    },
  },
  'strapi::poweredBy',
  'strapi::query',
  'strapi::body',
  {
    name: 'strapi::session',
    config: {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
    },
  },
  'strapi::favicon',
  'strapi::public',
];
```
What am I missing? I have literally been stuck for hours trying to fix this. Is there a different way to set the httpOnly cookie on the Strapi backend so I can use it in my Remix frontend on every request?
This topic has been created from a Discord post (1298945753783210037) to give it more visibility.
It will be on Read-Only mode here.
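A request sent with `withCredentials: true` and `Content-Type: application/json` is a credentialed cross-origin request that triggers a preflight, and browsers hold the preflight response to stricter rules than an anonymous one. The check below is an added example, not code from the original post or from Strapi; `credentialedCorsProblems` and the sample response headers are hypothetical and constructed, and it can be run against the headers copied from the browser's network tab.

```javascript
// Added example. Header values are constructed samples, not captured traffic.
// Header names are case-insensitive, so normalise them once.
function lowerKeys(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).trim()])
  );
}

function listTokens(value) {
  return (value || '').split(',').map((t) => t.trim().toLowerCase()).filter(Boolean);
}

// request: { origin, headers: [names of non-safelisted request headers] }
// Returns the reasons a browser would reject the preflight response.
function credentialedCorsProblems(request, responseHeaders) {
  const h = lowerKeys(responseHeaders);
  const problems = [];
  const allowOrigin = h['access-control-allow-origin'];
  if (!allowOrigin) {
    problems.push('missing Access-Control-Allow-Origin');
  } else if (allowOrigin === '*') {
    problems.push('Access-Control-Allow-Origin "*" is rejected when credentials are included');
  } else if (allowOrigin !== request.origin) {
    problems.push(`Access-Control-Allow-Origin does not equal ${request.origin}`);
  }
  // Must be the exact, case-sensitive string "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials is not "true"');
  }
  // With credentials, "*" here is a literal header name, not a wildcard.
  const allowed = listTokens(h['access-control-allow-headers']);
  for (const name of request.headers) {
    if (!allowed.includes(name.toLowerCase())) {
      problems.push(`request header ${name} is not in Access-Control-Allow-Headers`);
    }
  }
  return problems;
}

// Origin and Content-Type header are taken from the post.
const sampleRequest = { origin: 'http://localhost:5174', headers: ['Content-Type'] };
const wildcardResponse = { // constructed
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Headers': '*',
};
console.log(credentialedCorsProblems(sampleRequest, wildcardResponse));
```

An empty array means the preflight headers satisfy the credentialed-request rules; whether the cookie itself is attached still depends on its `SameSite` and `Secure` attributes.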