Bellow code references and request references have ments these were added in SO to explain my understanding original requests and code contain no ments.
I am aware of the standard of using auth headers for fetch requests. what I need to do is get the cookie that server A sets to server B without having to pass it via javascript.
I have Server A: http://127.0.0.1:8080 contains index.html
index.html when cookie jar is looked at contains a cookie
I also have Server B: :8081. <- duno if relevant port and ip are different
http://127.0.0.1:8080/index.html makes the bellow request
let url = ":8081/write" //this url is o a different server so certain headers are needed
let cookies = document.cookie
console.log(cookies) //this logs the cookie so I know its defo there
let otherPram= {
credentials: 'include', //this is what I need to tell the browser to include cookies
method: "GET"
};
fetch(url, otherPram)
After the request is made the browser makes an options call to :8081/write with response:
access-control-allow-credentials: true
access-control-allow-headers: accept, authorization, content-type, origin, x-requested-with, access-control-allow-credentials, cookie, access-control-allow-origin
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://127.0.0.1. //also tried this with http://127.0.0.1:8080
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, cookie
access-control-max-age: 600
connection: keep-alive
content-length: 0
date: Thu, 16 Jan 2020 08:22:19 GMT
however the request contains no cookies.
to the best of my knowledge it should send the cookies with the fetch request.
Bellow code references and request references have ments these were added in SO to explain my understanding original requests and code contain no ments.
I am aware of the standard of using auth headers for fetch requests. what I need to do is get the cookie that server A sets to server B without having to pass it via javascript.
I have Server A: http://127.0.0.1:8080 contains index.html
index.html when cookie jar is looked at contains a cookie
I also have Server B: http://0.0.0.0:8081. <- duno if relevant port and ip are different
http://127.0.0.1:8080/index.html makes the bellow request
let url = "http://0.0.0.0:8081/write" //this url is o a different server so certain headers are needed
let cookies = document.cookie
console.log(cookies) //this logs the cookie so I know its defo there
let otherPram= {
credentials: 'include', //this is what I need to tell the browser to include cookies
method: "GET"
};
fetch(url, otherPram)
After the request is made the browser makes an options call to http://0.0.0.0:8081/write with response:
access-control-allow-credentials: true
access-control-allow-headers: accept, authorization, content-type, origin, x-requested-with, access-control-allow-credentials, cookie, access-control-allow-origin
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://127.0.0.1. //also tried this with http://127.0.0.1:8080
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, cookie
access-control-max-age: 600
connection: keep-alive
content-length: 0
date: Thu, 16 Jan 2020 08:22:19 GMT
however the request contains no cookies.
to the best of my knowledge it should send the cookies with the fetch request.
Share Improve this question edited Mar 6, 2020 at 3:49 sideshowbarker♦ 88.5k30 gold badges215 silver badges212 bronze badges asked Jan 16, 2020 at 8:42 abeabe 4,1466 gold badges30 silver badges33 bronze badges2 Answers
Reset to default 3Cookies belong to an origin.
let cookies = document.cookie console.log(cookies) //this logs the cookie so I know its defo there
That shows that there are cookies for the origin of the HTML document.
After the request is made the browser makes an options call to http://0.0.0.0:8081/write
So you are making a cross-origin request.
The cookies do not belong to that origin so the browser will not send them.
If you want to send cookies to http://0.0.0.0:8081/, then you need to make a request to http://0.0.0.0:8081/ and have it use a Set-Cookie header in the response to set them in the first place. The browser won't set the cookies from :8080 to :8081 because they aren't :8081's cookies.
Typically web services will use an Authorization header instead of cookies.
let otherPram= {
headers: {
"Authorization": "Bearer SomeToken"
},
credentials: 'include', //this is what I need to tell the browser to include cookies
method: "GET"
};
Aside: I removed "content-type": "application/json". You are making a GET request so the request has no content to specify the type of.
Experimenting on the server at least with sub domains you can share cookies which is enough in this case.
Along with all the cors properties and the fetch include. The cookie being set needs the domain to be set too.
Set-Cookie: myCookie=value; domain=root.
All subdomains of root. will share that specific cookie.