Daniel Noworyta
Daniel Noworyta
Explore posts from servers
RRailway
Created by Daniel Noworyta on 2/9/2024 in #✋|help
SSL Secure Set-Cookie
Hi i have my API on api.danielnoworyta.com and my client on kursy.danielnoworyta.com My api suppose to give back set-cookie header when im hittinh /session-auth/sign-in but it's not My desired cookie option is:
session({
store: this.sessionService.redisStore,
name: 'course_api',
secret: this.configService.getOrThrow('passport.sessionSecret'),
resave: false,
saveUninitialized: false,
cookie: {
secure:
this.configService.getOrThrow('environment') === 'production',
httpOnly: true,
sameSite: 'strict',
domain:
this.configService.getOrThrow('environment') === 'production'
? '.danielnoworyta.pl'
: 'localhost',
maxAge: 2 * 60 * 60 * 1000, // 2 hours
},
}),
session({
store: this.sessionService.redisStore,
name: 'course_api',
secret: this.configService.getOrThrow('passport.sessionSecret'),
resave: false,
saveUninitialized: false,
cookie: {
secure:
this.configService.getOrThrow('environment') === 'production',
httpOnly: true,
sameSite: 'strict',
domain:
this.configService.getOrThrow('environment') === 'production'
? '.danielnoworyta.pl'
: 'localhost',
maxAge: 2 * 60 * 60 * 1000, // 2 hours
},
}),
when i turn off secure all is working fine. I think there is problem with SSL cert. My domain is on Vercel currently any ideas how to solve this problem?
8 replies