Fetch is not sending secure cookie during cross domain POST request
I cannot get this fetch request to correctly send the cookie (session id that is successfully stored in the Chrome browsers application tab within cookies). The cookie is a python bottle created, beaker.session.id cookie that is marked secure.
I have my bottle server configured to deal with CORS requests and cookies with the following headers being returned:
Access-Control-Allow-Credentials →true
Access-Control-Allow-Headers →Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token, Authorization
Access-Control-Allow-Methods →PUT, GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin →http://localhost:3000
My javascript code is:
fetch("https://#.#.#.#/session-status",
{
credentials: "include",
method: "post",
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
"id": id
}),
}).then(res => {
return res.json()
What could be causing this issue? The preflight OPTIONS request succeeds with a 200 OK, but the POST request does not send the necessary headers which include the session id.
UPDATE:
Turns out the issue was the SameSite: "Lax" part of the cookie. Bottle by default has SameSite: 'Lax" enabled, but you need to manually set it to None to not send the attribute. SameSite: "Lax" does not allow you to send unsafe requests (example: POST) from another domain according to this RFC in section 4.3.
- How to create streams from string in Node.Js?
- Filter or map nodelists in ES6
- How to force JavaScript to deep copy a string?
- Why is React component losing state sometime between setting state and keydown?
- Express.js - How to check if headers have already been sent?
- Why can't i unmute my HTML5 video with autoplay enabled?
- Is there any reason to manually `return` in a constructor function?
- Difference between Localhost and opening html file
- Change html table color based on the value of a cell
- Using Cypress, how to test if element does not exist?
- How to import ES Module into UI5 controller
- Referencing another element in CSS / doing math in CSS
- How to pass returned value to different component
- Correct way to handle conditional styling in React
- @panzoom/panzoom does not work when cursor over element
- How to make GTM run before redirect?
- How to make the Form elements work correctly when referencing in JS?
- Javascript live typing animation that handles HTML tags
- How to use onbeforeunload event handler without the pop up message?
- My Component in React JS application don't read the Headers from REST-Api - Headers is Empty
- How to get the absolute value of a number in JavaScript
- Detect if user is using webview for android/iOS or a regular browser
- Create a Web Worker from a Chrome Extension content script
- react-select: How do I resolve “Warning: Prop `id` did not match”
- How use BigInt that right shift operation and XOR in javascript?
- How to create checkbox inside dropdown?
- How to replace a quoted string with a modified version of it JQuery/Javascript
- Angular NG5002: @for loop must have a "track" expression
- Clickable Table Rows in Ruby on Rails
- How to focus on a form input text field on page load using jQuery?