AWS Lambda Set-Cookie header not setting in the browser
I'm trying to set a cookie in my aws lambda function response. I don't have any header mapping as I'm using lambda proxy integration with API Gateway. The response code looks like this in the lambda function:
exports.handler = async (event) => {
const response = {
statusCode: 200,
"multiValueHeaders": {
"Set-Cookie": ["gtgm=6c7729687d5ff1a05f1a5dfb15ce3b8fa3f2b590; path=/; expires=Fri, 13-Feb-2032 13:27:44 GMT; secure; HttpOnly; SameSite=None"]
},
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers": "*",
"Access-Control-Allow-Credentials": true,
},
};
return response;
};
I use fiddler to check the response and I can see the "Set-Cookie..." in the response which leads me to believe that the code above is correct? The issue is that the browser just ignores it and doesn't set any cookies at all except for the AWS DNT cookie. I'm not sure what else to check or if I've missed anything in the cookie config.
This is what my request looks like:
<Button
onClick={() => {
fetch(
"https:mysupercoolapi.com/cookie-test/",
{
// credentials: "include",
headers: {
"Content-Type": "application/json",
// "Access-Control-Allow-Credentials": "true",
},
}
)
.then((response) => response.json())
.then((data) => {
console.log(data);
});
}}
>
Cookie Test
</Button>
Not sure what I'm missing or where I'm going wrong.
I magaed to figure this one out myself. The setup above was fine but the browser requires you to have the following set properly in order for it to actually set the cookie:
- In the request: Set "credentials" as include. Depending on what library you're using (fetch would be credentials: "include"). You can see it is commented out in my original post above which is not correct.
- In the Response header in the Lambda function you need to set you origin e.g., "Access-Control-Allow-Origin": "http://localhost:3002". After testing I switched it to my actual domain. If there's a way to keep this set to the actual domain but still have it work while testing on localhost please let me know.
- In API Gateway you need to set the CORS values as in the screenshot below to ensure the preflight (OPTINOS) call is made correctly as well.
The key is to have both the request and response headers configured correctly. This is harder to do when using something like AWS but much easier with something like express.js where you can use the middleware.
- How should I manage postgres database handles in a serverless environment?
- How to pass API Gateway authorizer context to a HTTP integration
- How to use AWS CLI to deploy lambda function to specific alias or version?
- Exporting data from dynamo db to a csv file
- No integration defined for method - Choose a stage where your API will be deployed
- Why can't an AWS lambda function inside a public subnet in a VPC connect to the internet?
- Lambda@Edge not logging on cloudfront request
- API Gateway doesn't return binary (image)
- AWS Lambda function and S3 - change metadata on an object in S3 only if the object changed
- Reading a pdf in AWS lambda using PyMuPDF
- Terraform: AWS Lambda with Image not updating
- passing a csv through an API
- Getting a "Forbidden" exception posting to a API Gateway Websocket API from within a VPC
- Invoke a Lambda from API Gateway Integration across different stacks using CloudFormation and Serverless Framework
- How get Environment Variables from lambda (nodejs aws-sdk)
- Return the expected status code in Postman
- No module named 'psycopg2._psycopg': ModuleNotFoundError in AWS Lambda
- How to load npm modules in AWS Lambda?
- CloudFormation is not authorized to perform: iam:PassRole on resource
- Creating Lambda Snapstart with Typescript CDK
- AWS lambda SQS does not allow to process 1 message per 1 invocation
- 502 "Internal Server Error" with API Gateway + Lambda when deploying
- Splitting PDF with PyPDF2 in Lambda function
- Best way to store Firebase admin private key file for AWS lambda
- Parse Aws IoT message in python
- Index handler is undefined or not exported
- Restarting AWS lambda function to clear cache
- Converting components of Array Struct as columns in python
- Lambda unable to delete object from s3 in another account
- Should I close an RDS Proxy connection inside an AWS Lambda function?