How can you access cookies on a static S3 site behind a CloudFront distribution?
So I'm trying to deploy my website which works well when in a local environment, but when it is deployed to Cloudfront, it can't seem to access cookies.
My frontend tech stack is as follows: Angular site hosted on S3, cloudfront distribution in front of it, custom domain name with a valid ssl certificate.
When the user navigates to the login page, they can successfully submit the forum, and the server responds with a JWT token in the Set-Cookie header.
After this though, in the angular site it says that the access-token cookie does not exist. The strange part here is that on subsequent requests, the access-token cookie is in fact forwarded back to the backend. (In the image below, the login button was pressed again, so the response cookie is the same as the request cookie.)
I've ensured that HttpOnly is not set, and that the frontend and backend are both hosted under the same root domain frontend.root.com and api.root.com.
Cloudfront has been configured to forward the access-token cookie:
cache policy:
origin request policy (note that it still did not work when I had this set to forward all cookies and not just the access token):
Response headers settings:
So in my angular site, after the /login api call resolves, I use the ngx-cookie-service to check and try to retrieve the cookie.
this.cookieService.check('access-token'); // checks if it exists, returns false
this.cookieService.get('access-token'); // returns '' meaning the cookie does not exist
Any ideas on how to resolve this issue and access the cookies from within my angular site? I can provide more information on my configurations if needed. Thanks!
As you can barely make out in the screenshot the Cookies have the domain set as something starting with a suggesting that it is api.root.com, most importantly it is not frontend.root.com and not root.com.
The server needs to set the domain of the cookie to root.com for it to be available to all subdomains of it.
- Generate S3 URL in "path-style" format
- Trying to find the ARN pattern for AWS WAF regional
- AWS cognito: What's the difference between Access and Identity tokens?
- virtually isolate the network in the same AWS Cloud Account
- Can I stop a spot instance in aws just like I can stop and start an on demand ec2 instance
- Get pdftotext Python module running on Lambda
- Kubernetes: how to set VolumeMount user group and file permissions
- Invalid arn error for terraform code with kms data resource
- Unable to import module 'src.main': No module named 'dependencies' when uploading FastAPI zipped project to AWS Lambda
- Unable to update AWS AppRunner VPC connector via CDK
- Exit early from CodeBuild
- qemu-x86_64: Could not open '/lib64/ld-linux-x86-64.so.2': No such file or directory in alpine linux on M1
- In AWS API Gateway, can method level limits for a specific end point exceed stage level limit?
- How to install postgresql-client to Amazon EC2 Linux machine?
- Why does API Gateway not pass through the request path parameters in proxy mode?
- Does AWS VPC Endpoint require subnets?
- Windows authentication does not work behind AWS Application Load Balancer
- Exporting data from dynamo db to a csv file
- Amazon Web Services : Setting S3 policy to allow putObject and getObject but deny listBucket
- How to set S3 path style in Clojure using Amazonica library?
- System Manager Parameter Store Input
- Issues Sending Kafka and Zookeeper Metrics to AWS CloudWatch Using JMX and CloudWatch Agent
- How to connect to AWS Redis cluster locally?
- HTTPS connections to cloudfront / S3 using godaddy domain
- Local Job unable to find Region
- Nginx Error 413 Entity too large on AWS ELB
- How to get the ARN of an SSM Document in CloudFormation?
- Login to chrome extension via website with AWS amplify
- In total how many aws command is available
- How to upgrade AWS CLI to the latest version?