req.cookies.jwt is defined on localhost but undefined in deployment. The cookies are being set in the browser; the only problem is that I can’t access them.
I tried using react-auth-kit but it still doesn’t work!
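// Auth guard body: read the JWT from the `jwt` cookie, verify its signature,
// load the matching user and hand over to the next handler.
// Every failure path answers { status: false } and stops the chain.
// NOTE(review): req.cookies is presumably filled in by cookie-parser; confirm
// it is registered before this code runs. The optional chain keeps a missing
// parser from turning into a TypeError here.
const token = req.cookies?.jwt;
if (!token) {
  console.log("no cookie");
  res.json({ status: false });
  return;
}

// NOTE(review): no `algorithms` option is passed, so the library default
// applies. The signing side is not shown here; pinning the one algorithm the
// signer uses would make the accepted set explicit.
jwt.verify(token, process.env.JWT_SECRET, async (err, decodedToken) => {
  if (err) {
    // Bad signature, expired or malformed token.
    console.log("Wrong cookie");
    res.json({ status: false });
    return;
  }

  // The lookup runs inside an async callback whose promise nobody awaits.
  // Without this try/catch a rejected query would become an unhandled
  // rejection and the request would never get a response.
  let currUser;
  try {
    currUser = await User.findById(decodedToken.id);
  } catch (lookupErr) {
    console.error("User lookup failed", lookupErr);
    res.json({ status: false });
    return;
  }

  if (!currUser) {
    // Token verified, but the user it names no longer exists.
    res.json({ status: false });
    return;
  }

  req.user = currUser;
  // Kept outside the try block so errors thrown by later handlers are not
  // mistaken for a failed lookup.
  next();
});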
Here token is undefined.
For the full code, see my GitHub repository: https://github.com/sh66n/react-todo
Please see below a sample server and an application. The app makes a cross-site request. The cookie is created with SameSite=None (together with Secure, which browsers require for SameSite=None cookies), and notably the Domain attribute has been left off. This is the scenario at which we stopped our discussion last week.
Now you can see here that when the Domain attribute is left off, the browser sets it automatically to the host of the origin server that issued the cookie.
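Since the cookie is SameSite=None, it is included in all subsequent cross-site requests to that server as well (the front end sends them with credentials: 'include', and the server's CORS configuration allows credentials).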
Note : Both of these apps have been deployed in Vercel.
server.js
const express = require('express');
const cors = require('cors');
const cookieParser = require('cookie-parser');
// Express app with cookie parsing and credentialed CORS for one front-end origin.
const app = express();

// Parses the Cookie request header into req.cookies.
app.use(cookieParser());

// credentials: true lets the browser expose credentialed cross-origin
// responses to the page. Browsers refuse that combination with a wildcard
// origin, so the allow-list must name the exact front-end origin.
const corsOptions = {
  origin: ['https://78958487-f.vercel.app'],
  methods: ['POST', 'GET'],
  credentials: true,
  allowedHeaders: ['Content-Type'],
};

app.use(cors(corsOptions));
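// Attributes used by both routes when they issue `someCookie`.
// No Domain attribute is given, so the browser ties the cookie to the host
// that set it.
// With SameSite=None the browser attaches the cookie to cross-site requests,
// so SameSite gives this cookie no CSRF protection; a state-changing route
// that relies on such a cookie needs its own request-origin or token check.
const someCookieOptions = {
  // The page script never reads this cookie, so keep it out of document.cookie.
  httpOnly: true,
  // Browsers only accept SameSite=None cookies that are also Secure.
  secure: true,
  sameSite: 'None',
  // One day, in milliseconds.
  maxAge: 24 * 60 * 60 * 1000,
};

// GET /: issue `someCookie` on the first visit, report it on later ones.
app.get('/', (req, res) => {
  console.log(req.cookies);
  if (req.cookies?.someCookie) {
    res.send('same cookie passed - accessed by get');
    return;
  }
  // Pass a copy so the shared options object is never modified.
  res
    .cookie('someCookie', 'GET-Somevalue', { ...someCookieOptions })
    .send('new cookie created - accessed by get.');
});

// POST /: same behaviour as GET, with its own cookie value and messages.
app.post('/', (req, res) => {
  console.log(req.cookies);
  if (req.cookies?.someCookie) {
    res.send('same cookie passed - accessed by post');
    return;
  }
  res
    .cookie('someCookie', 'POST-Somevalue', { ...someCookieOptions })
    .send('new cookie created - accessed by post');
});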
// Start the HTTP listener on port 3000 and log once it is accepting connections.
const LISTEN_PORT = 3000;
app.listen(LISTEN_PORT, function onListening() {
  console.log('L@3000');
});
frontend.js
// this app serves the static file index.html kept in the public folder
const express = require('express');
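const app = express();

// Serve the files in ./public (index.html included). Without this middleware
// the app has no routes and answers 404 for every path.
app.use(express.static('public'));

// Start the HTTP listener on port 3000.
app.listen(3000, () => {
  console.log('L@3000');
});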
index.html
<!DOCTYPE html>
<html>
<head>
CORS test 1
</head>
<body>
<p></p>
</body>
<script>
/**
 * Sends a credentialed cross-origin POST to the back end and shows the
 * response text in the page's <p> element. If the request fails, the error
 * is shown there instead.
 *
 * @returns {Promise<void>}
 */
async function fetchdata() {
  const output = document.querySelector('p');
  try {
    const requestInit = {
      mode: 'cors',
      // 'include' makes the browser attach cookies to this cross-origin call.
      credentials: 'include',
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ somekey: 1 }),
    };
    const reply = await fetch('https://78958487-b.vercel.app/', requestInit);
    const text = await reply.text();
    // textContent treats the server's reply as plain text, never as markup.
    output.textContent = text;
  } catch (failure) {
    output.textContent = failure;
  }
}
// Run the request as soon as the script loads; fetchdata reports its own
// request errors in the page, so the returned promise is deliberately not awaited.
void fetchdata();
</script>
</html>
Test run 1
Request URL : https://78958487-f.vercel.app/ // typed in the Browser
Output:
Test run 2
Request URL : https://78958487-f.vercel.app/ // typed in the Browser
Output:
Domain set by the Browser