Get Cookie from axios response using cors on the server side

node.js express vue.js cors
16,816

Access-Control-Allow-Credentials: true (which is what 'controls' whether cookies and other 'credentials' can be used in a CORS request) is not compatible with Access-Control-Allow-Origin: * - you need to specify the exact origin from which the request is coming in the ACAO response header if you want to use cookies.

Basically, extract the Origin request header and ensure that it is 'mirrored back' in the Access-Control-Allow-Origin response header. In your case, it will probably be https://localhost:8080, but you shouldn't hardcode it - always extract it from the Origin request header.

So the answer should be as simple as specifying the value of the Origin request header in the server.use.cors.origin value.

Share:
16,816
Rokko_11
Author by

Rokko_11

Updated on June 05, 2022

Comments

  • Rokko_11
    Rokko_11 almost 2 years

    I run Vue.js 2.5.2 and axios 0.17.1 against a Node.js server using express 4.16.2 and cors 2.8.4.

    When I do a login

    axios.post('/login', {"username": "a", "password": "b").then((response) => {
    console.log(response.headers['set-cookie']);
}

    I get undefined as output. On other topics they told to set the Access-Control-Expose-Headers: Access-Token, Uid. I did this in my server-config like this:

    const express = require('express'),
cookieParser = require('cookie-parser'),
cors = require('cors'),
bodyParser = require('body-parser'),
const server = express();

server.use(cookieParser());
server.use(bodyParser.json({limit: '50mb'}));
server.use(bodyParser.urlencoded({limit: '50mb', extended: true}));

server.use(cors({
  "origin": "*", 
  "credentials": true,
  "exposedHeaders": ["Uid", "Access-Token"]
  // same for "Uid, Access-Token"
  // Adding "set-cookie" to this list did not work.
}));

    I can see in the Chrome Developer Toolbar, that Access-Control-Expose-Headers-Option is set in the OPTION-Request and the POST-Request. Also in the POST-Request I can see the set-cookie-header. But the log of response.headers['set-cookie'] is still undefined.

    Edit:

    This behavior is in the development-mode: Server is running on localhost:3000, client is running on localhost:8080.

    When I build the vue.js-client for production mode so that both runs on localhost:3000, it works.

    Any ideas?

    Thank you!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Using Cypress, how would I write a simple test to check that a logo image exists on a page
Passport js fails to maintain session in cross-domain
Getting Around "blocked by CORS policy" Error in Angular App Running Local Instance of API
nginx reverse proxy setup does not preserve session id when doing CORS requests
Angular $http.delete CORS error (preflight request)
Why Chrome can’t set cookie
Serving VueJS Builds via Express.js using history mode
How to deploy express.js server to Netlify
Node.Js error "No 'Access-Control-Allow-Origin' header is present on the requested"
CORS - OPTIONS ... 404 (not found)