Secure cookie issue #191

Open
imnaifu opened this issue Nov 28, 2019 · 1 comment
imnaifu commented Nov 28, 2019

I'm using koa-session for a login service and found a problem when logging in from http://localhost.

The front-end app uses http-proxy with a config like this:

{
    "/api": {
      target: "https://test.com",
      changeOrigin: true
    }
}

So when the app is running at localhost:3000, it can send AJAX requests to https://test.com,
but the problem is that when the login service sends the response header with the set-cookie, the cookie has the secure option (I think it probably detects that the request is from https because changeOrigin is set to true). And since I'm using http://localhost, the cookie is not saved (or sent), so login fails.

Currently I manually set secure: false in the config, is there a better way of fixing this?


ejose19 commented May 4, 2020

Yes, you can use secure: false, however you would need to change that on production. It's better to set up nginx to redirect traffic to your app so you work with https. Also you'll want to use a FQDN to avoid issues with cookies and CORS on development (like myapp.test), so just adding your test domain to /etc/hosts pointing to 127.0.0.1 or ::1 should do it.
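
An added example, not part of either comment and not koa-session's own code: one way to keep a development-only `secure: false` from reaching production, plus a check that session cookies in a response carry the Secure attribute. `ALLOW_INSECURE_COOKIES`, the function names, the cookie name and the sample headers are assumptions made for this sketch.

```javascript
// Build the options object passed to koa-session. Secure is the default;
// it is switched off only by an explicit opt-out outside production.
// ALLOW_INSECURE_COOKIES is a hypothetical variable name.
function buildSessionOptions(env = process.env) {
  const production = env.NODE_ENV === 'production';
  const optOut = env.ALLOW_INSECURE_COOKIES === '1';
  if (production && optOut) {
    // Fail closed: a leftover development override must not ship.
    throw new Error('ALLOW_INSECURE_COOKIES is not permitted when NODE_ENV=production');
  }
  return {
    key: 'koa.sess', // sample cookie name
    httpOnly: true,
    signed: true,
    secure: !optOut,
  };
}

// Parse one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attributes = new Map();
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const k = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes.set(k, i === -1 ? true : attr.slice(i + 1));
  }
  return { name, attributes };
}

// Return the names of session cookies (and their .sig companions) that
// were issued without the Secure attribute.
function cookiesMissingSecure(setCookieHeaders, prefix = 'koa.sess') {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => c.name.startsWith(prefix) && !c.attributes.has('secure'))
    .map((c) => c.name);
}

// Constructed sample Set-Cookie values, not captured from a real server.
const SAMPLE_HEADERS = [
  'koa.sess=abc; path=/; httponly',
  'koa.sess.sig=def; path=/; secure; httponly',
];
```

Running `cookiesMissingSecure` against the login response of a staging or production deployment catches a configuration that still has the development override applied.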
