I'm using cookies for login auth on a Flask/Nuxt.js website and it works when I run the server locally but not on my Heroku deployment. I don't believe it's a front-end issue because, when it works, it works with both the local and the Vercel front end, and when it doesn't work, it fails with both. Also, I have no code in the front end to receive the cookie.
Setting the cookie:
# Build the login response and attach the session token as a cookie.
response = make_response({'user': user}, 200)
one_week_from_now = datetime.utcnow() + timedelta(weeks=1)
# HttpOnly keeps the token away from page JavaScript; Secure restricts it to HTTPS.
# SameSite=Strict limits the cookie to requests where page and API are the same site.
# NOTE(review): if the front end and this API are deployed on different sites
# (e.g. separate hosting domains), browsers will not store or send a Strict cookie
# on cross-site XHR -- confirm in the browser's devtools before relaxing it, and
# pair any move to SameSite=None with CSRF protection.
response.set_cookie(
    'token',
    value=token,
    httponly=True,
    samesite='strict',
    secure=True,
    expires=one_week_from_now,
)
return response
After request:
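@app.after_request
def after_request(response):
    """Attach CORS headers so credentialed cross-origin requests are accepted.

    The header browsers read is ``Access-Control-Allow-Origin`` (singular) and it
    carries exactly one origin. For requests sent with credentials (cookies) it
    must be the caller's exact origin, not a list and not ``*``, so the request's
    ``Origin`` is echoed back only when it is on the allowlist.

    :param response: the outgoing Flask response.
    :returns: the same response with CORS headers set.
    """
    # Local import: the file's import block is not visible in this excerpt.
    from flask import request

    allowed_origins = ('<deployment-site>', '<localhost>')
    origin = request.headers.get('Origin')

    if origin in allowed_origins:
        response.headers['Access-Control-Allow-Origin'] = origin
        response.headers['Access-Control-Allow-Credentials'] = 'true'
        # The response now differs per Origin, so caches must key on it.
        response.headers.add('Vary', 'Origin')

    response.headers['Access-Control-Allow-Headers'] = (
        'Content-Type,Authorization,Secret'
    )
    # '*' is only a wildcard for requests without credentials; list the methods
    # explicitly. NOTE(review): trim this to the methods the routes actually use.
    response.headers['Access-Control-Allow-Methods'] = (
        'GET,POST,PUT,PATCH,DELETE,OPTIONS'
    )
    return response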
Sending request:
//Axios Client Getter
export const getters = {
  /**
   * Build the Axios instance used for API calls.
   *
   * `<deployment-site>` and `<api-secret>` are the author's redacted placeholders.
   *
   * NOTE(review): this getter is front-end code, so whatever replaces
   * `<api-secret>` is delivered to every visitor and cannot authenticate the
   * client. Hashing it with a fresh bcrypt salt on each request does not change
   * that and adds CPU cost per call; rely on the cookie session for auth.
   */
  client: (state, getters, rootstate) => {
    const isProduction = process.env.NODE_ENV === 'production'
    const baseURL = isProduction ? <deployment-site> : '<localhost>'

    const http = Axios.create({ baseURL })

    // Required for the browser to accept and send cookies on cross-origin XHR.
    http.defaults.withCredentials = true

    http.interceptors.request.use(
      async (config) => {
        // Attach the bcrypt-hashed secret as the `Secret` request header.
        config.headers['Secret'] = bcrypt.hashSync(<api-secret>, genSaltSync())
        return config
      },
      (error) => Promise.reject(error)
    )

    return http
  }
}
//Axios Call
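export const actions = {
  /**
   * Post the credentials to the login endpoint using the shared Axios client.
   *
   * @param {object} store - Vuex action context; `rootGetters['auth/client']`
   *   supplies the Axios instance.
   * @param {object} user - Request body sent to `login/users`.
   * @returns {Promise<boolean>} `true` when the request resolves, `false` on
   *   any failure.
   */
  async aUserLogin(store, user) {
    const Client = store.rootGetters['auth/client']
    try {
      // The response body is not read here.
      await Client.post('login/users', user)
      return true
    } catch (err) {
      // Network failures and requests the browser blocks (for example a CORS
      // rejection) reject without a `response`. Guard the access so the
      // original error is reported instead of a TypeError from this handler.
      if (err.response && err.response.status === 401) {
        store.dispatch('aIncorrectPassword')
      } else {
        store.dispatch('error/aPassError', err, { root: true })
      }
      return false
    }
  }
}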
Via Active questions tagged javascript - Stack Overflow https://ift.tt/2FdjaAW