Question

Hello I am developing a web app, with a microservices architecture.

I am using golang (Fiber) on the backend and Next.js on the frontend.

When I send a request from restaurant.quiqr.co/signin to api.quiqr.co/auth/signin, I am sending a cookie along side the response from api.quiqr.co containing the jwt token. Everything works fine on Postman, i can see the cookie being stored and sent with any follow up request.

But when it comes to web browsers, my cookie is not being stored. What could be the issue?

I am using kubernetes with Ingress nginx, but as i mentioned before everything works on Postman.

I tried to modify the cookie domain to .quiqr.co or restaurant.quiqr.co, but this did not work, I even tried all of the SameSite attributes, but nothing worked.

The only solution that worked is when I put all of them under the same domain. For example: quiqr.co/api/auth/signin and quiqr.co/restaurant/signin, the returned cookie will have a .quiqr.co domain and everything would work fine.

I also realized that when I do so, the browser wont send a Preflight request, but if i separate them again to subdomains the browser would send a Preflight request and the returned cookie wont be stored.

So what could be the issue here? Thank you.

Both requests- Preflight and xhr

xhr request content

No cookies in my devtools

Answer 1

I had the same issue just looked into the docs and found out. We need to set CORS using cors middlewares

app.Use(cors.New(cors.Config{
    AllowOrigins:     "http://localhost:5173, http://localhost:5174",
    AllowHeaders:     "Origin, Content-Type, Accept",
    AllowCredentials: true,
}))

AllowCredentials: true is the main thing!

Hope it helped!

友情链接