I have the following standard Response setup in my DRF application:
response = Response(data=response, status=status.HTTP_200_OK)
I'm then attempting to add a split JWT header.payload
and signature
to the response headers with a response.set_cookie()
call, as follows:
max_age = 365 * 24 * 60 * 60
expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=max_age)
response.set_cookie(
key='JWT_ACCESS_HEADER_PAYLOAD',
value=header_payload,
httponly=False,
expires=expires.strftime("%a, %d-%b-%Y %H:%M:%S UTC"),
max_age=max_age
)
response.set_cookie(
key='JWT_ACCESS_SIGNATURE',
value=signature,
httponly=True,
expires=expires.strftime("%a, %d-%b-%Y %H:%M:%S UTC"),
max_age=max_age
)
return response
I can't see anything wrong with what I have done thus far:
Yet, for some reason, the only cookies set on the client side are as follows:
What have I done wrong here??
The actual output in the headers seem to be a valid SetCookie value:
JWT_ACCESS_HEADER_PAYLOAD=aSasas; expires=Sat, 03-Apr-2021 10:24:31 GMT; Max-Age=31536000; Path=/
JWT_ACCESS_SIGNATURE=asaSasaS; expires=Sat, 03-Apr-2021 10:24:31 GMT; HttpOnly; Max-Age=31536000; Path=
N.B. Running on localhost...if that helps?
So, this seems like a very trivial solution because it is just that.
I was using axios
... without sending { withCredentials: true }
, with the requests.
The cookies were being set - because, well, they were. It's just to see them I needed to refresh the browser.