R
Railway9mo ago
Daniel Noworyta

SSL Secure Set-Cookie

Hi i have my API on api.danielnoworyta.com and my client on kursy.danielnoworyta.com My api suppose to give back set-cookie header when im hittinh /session-auth/sign-in but it's not My desired cookie option is: 
session({
          store: this.sessionService.redisStore,
          name: 'course_api',
          secret: this.configService.getOrThrow('passport.sessionSecret'),
          resave: false,
          saveUninitialized: false,
          cookie: {
            secure:
              this.configService.getOrThrow('environment') === 'production',
            httpOnly: true,
            sameSite: 'strict',
            domain:
              this.configService.getOrThrow('environment') === 'production'
                ? '.danielnoworyta.pl'
                : 'localhost',
            maxAge: 2 * 60 * 60 * 1000, // 2 hours
          },
        }),
session({
          store: this.sessionService.redisStore,
          name: 'course_api',
          secret: this.configService.getOrThrow('passport.sessionSecret'),
          resave: false,
          saveUninitialized: false,
          cookie: {
            secure:
              this.configService.getOrThrow('environment') === 'production',
            httpOnly: true,
            sameSite: 'strict',
            domain:
              this.configService.getOrThrow('environment') === 'production'
                ? '.danielnoworyta.pl'
                : 'localhost',
            maxAge: 2 * 60 * 60 * 1000, // 2 hours
          },
        }),
when i turn off secure all is working fine. I think there is problem with SSL cert. My domain is on Vercel currently any ideas how to solve this problem?
Solution:
look into trusting the proxy headers so that your app knows its running behind an https proxy, otherwise it thinks its running with only http and wont let you set the cookie
Jump to solution
5 Replies
Percy
Percy9mo ago
Project ID: 08d2e015-833f-4bf2-927a-9eff232fb9fa
Daniel Noworyta
Daniel NoworytaOP9mo ago
08d2e015-833f-4bf2-927a-9eff232fb9fa
Solution
Brody
Brody9mo ago
look into trusting the proxy headers so that your app knows its running behind an https proxy, otherwise it thinks its running with only http and wont let you set the cookie
Daniel Noworyta
Daniel NoworytaOP9mo ago
where i should do this? on railway itself? or settings on my api?
Brody
Brody9mo ago
in your code
Want results from more Discord servers?
Add your server