cookie httponly not sent


I'm building an API with API Platform and a front with React (using the React template of API Platform). I configured authentication and a return to the client with an HttpOnly cookie which contains the JWT. But when my front does a request, it does not send this cookie... And I absolutely don't know why, I thought it was automatically done by the browser as long as it's on the same domain.

Here is an example of the network history from my client :

authentication request with httponly cookie in response header

second request without auth cookie

my app is running on https://localhost:3000/

Do you see something wrong in these requests? Or does anyone have an idea of where it could come from? My app and API are using HTTPS and have a valid certificate...

If you need any additional info, feel free to ask, and thanks all !!!


Solution

  • OK, I've found the solution: add credentials to the auth request; if the header is not added, the cookie won't be stored by the browser. And second point:

    const fetchHydra = (url, options = {}) =>
      baseFetchHydra(url, {
        ...options,
        credentials: 'include',
      });
    

    credentials: 'include' is not in the headers option... Nice!
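
The behaviour described in the answer, as an added example that is not part of the original post or of API Platform: a small model of the Fetch credentials rules showing why a `credentials` key under `headers` has no effect and why the default mode drops cookies when the API is on another origin. The API URL (port 8443, path `/authentication_token`) and all function names are assumptions made for illustration, and `headers` is modelled as a plain object.

```javascript
// Added example: models the Fetch credentials rules; not API Platform code.
// Origins are constructed; the API port and path are assumptions.
const PAGE_ORIGIN = 'https://localhost:3000';
const API_URL = 'https://localhost:8443/authentication_token';

// The credentials mode is a top-level init option defaulting to 'same-origin'.
// A 'credentials' key inside init.headers is just an unknown request header.
function effectiveCredentialsMode(init = {}) {
  return init.credentials ?? 'same-origin';
}

// True when the browser attaches cookies to the request AND honours
// Set-Cookie on the response (the same mode governs both directions).
function cookiesAllowed(pageOrigin, requestUrl, init = {}) {
  const mode = effectiveCredentialsMode(init);
  if (mode === 'omit') return false;
  if (mode === 'include') return true;
  // 'same-origin': scheme, host and port must all match the page.
  return new URL(requestUrl, pageOrigin).origin === new URL(pageOrigin).origin;
}

// A cross-origin credentialed response must also pass the CORS credentials
// check: an exact Allow-Origin (never '*') plus Allow-Credentials: true.
function corsAllowsCredentials(pageOrigin, responseHeaders) {
  const allowOrigin = responseHeaders['access-control-allow-origin'];
  const allowCreds = responseHeaders['access-control-allow-credentials'];
  return allowOrigin === new URL(pageOrigin).origin && allowCreds === 'true';
}

// Flags the mistake from the answer: credentials placed under headers.
function misplacedCredentials(init = {}) {
  const headers = init.headers ?? {};
  return init.credentials === undefined
    && Object.keys(headers).some((k) => k.toLowerCase() === 'credentials');
}

const wrong = { method: 'POST', headers: { credentials: 'include' } };
const right = { method: 'POST', credentials: 'include' };
for (const [name, init] of Object.entries({ wrong, right })) {
  console.log(name, {
    cookiesAllowed: cookiesAllowed(PAGE_ORIGIN, API_URL, init),
    misplaced: misplacedCredentials(init),
  });
}
```

The `HttpOnly` flag plays no part in this decision: it only hides the cookie from `document.cookie`, while the credentials mode and the CORS response headers decide whether the browser stores and sends it.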