I'm using credentials: 'include' and mode: 'cors' on the client. On the server I see access-control-allow-credentials: true and access-control-allow-origin: https://dev.com:9443 headers. I don't see my cookie header though and I can't seem to find why it isn't sending. Let me know if I can provide any further details.
Fetch request
fetch(url, {
  method: 'get',
  credentials: 'include',
  mode: 'cors',
  headers: {
    'Content-Type': 'application/json'
  }
});
Options Request Headers
:authority: prod.fakedomain.com
:method: OPTIONS
:path: /Search
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,fr;q=0.8,la;q=0.7
access-control-request-headers: content-type
access-control-request-method: GET
cache-control: no-cache
dnt: 1
origin: https://dev.com:9443
pragma: no-cache
referer: https://dev.com:9443/
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Options Response Headers
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,POST
access-control-allow-origin: https://dev.com:9443
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length: 0
date: Mon, 04 Feb 2019 03:45:06 GMT
status: 200
vary: Origin
x-application-context: application:8080
Get Request Headers
:authority: prod.fakedomain.com
:method: GET
:path: /Search
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,fr;q=0.8,la;q=0.7
cache-control: no-cache
content-type: application/json
dnt: 1
origin: https://dev.com:9443
pragma: no-cache
referer: https://dev.com:9443/
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Get Response Headers
access-control-allow-credentials: true
access-control-allow-origin: https://dev.com:9443
content-encoding: gzip
content-type: application/json;charset=UTF-8
date: Mon, 04 Feb 2019 03:45:07 GMT
status: 200
vary: Origin,Accept-Encoding
x-application-context: application:8080
I finally found out that the problem is just that the browser does not allow two different domains to share any cookie (except for the same second-level domain); that is beyond what credentials: include can do. After 2 hours of trying... I found out that credentials: include just means you can send cookies, but it doesn't mean you can send cookies between two different domains.
Whatever you do, change browser settings, set the cookie's SameSite, anyway, you just can't do that...
So that is my conclusion, hope you get it...
I was able to resolve this issue by going into my Safari privacy settings and unchecking Prevent cross-site tracking
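The checks a browser applies before attaching a cookie to the cross-origin fetch discussed in this thread, as an added JavaScript example (not code from the question or the answers). The cookie objects, `siteOf`, `domainMatches`, `cookieDecision` and the `blockThirdParty` option are hypothetical names; a missing SameSite is assumed to default to Lax, and the site calculation ignores the Public Suffix List.

```javascript
// Simplified model of when a browser attaches a cookie to fetch().
// Simplification: "site" = scheme + last two host labels. Real browsers use
// the Public Suffix List, so this is wrong for hosts such as example.co.uk.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + '//' + u.hostname.split('.').slice(-2).join('.');
}

// RFC 6265 domain-match: exact host, or host is a subdomain of cookie Domain.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  return host === d || host.endsWith('.' + d);
}

// Returns { sent, reason } for one cookie and one request.
// opts.blockThirdParty models a setting such as "Prevent cross-site tracking".
function cookieDecision(cookie, pageUrl, requestUrl, credentials, opts = {}) {
  const page = new URL(pageUrl), req = new URL(requestUrl);
  const crossOrigin = page.origin !== req.origin;
  const crossSite = siteOf(pageUrl) !== siteOf(requestUrl);

  if (credentials === 'omit' || (credentials === 'same-origin' && crossOrigin))
    return { sent: false, reason: 'credentials mode excludes this request' };
  if (!domainMatches(req.hostname.toLowerCase(), cookie.domain))
    return { sent: false, reason: 'cookie domain does not match request host' };
  if (cookie.secure && req.protocol !== 'https:')
    return { sent: false, reason: 'Secure cookie on non-HTTPS request' };
  if (crossSite) {
    // Assumption: a missing SameSite attribute is treated as Lax.
    const sameSite = (cookie.sameSite || 'Lax').toLowerCase();
    if (sameSite !== 'none')
      return { sent: false, reason: 'SameSite=' + sameSite + ' blocks cross-site fetch' };
    if (!cookie.secure)
      return { sent: false, reason: 'SameSite=None requires Secure' };
    if (opts.blockThirdParty)
      return { sent: false, reason: 'browser blocks third-party cookies' };
  }
  return { sent: true, reason: 'all checks passed' };
}

// Constructed cookies for the two hosts in the question.
const PAGE = 'https://dev.com:9443/', API = 'https://prod.fakedomain.com/Search';
const pageCookie = { domain: 'dev.com', secure: true, sameSite: 'None' };
const apiCookie = { domain: 'prod.fakedomain.com', secure: true, sameSite: 'None' };
console.log(cookieDecision(pageCookie, PAGE, API, 'include'));
console.log(cookieDecision(apiCookie, PAGE, API, 'include'));
console.log(cookieDecision(apiCookie, PAGE, API, 'include', { blockThirdParty: true }));
```

The first call models a cookie that belongs to the page's own host, the second a cookie set by the API host itself, and the third the same cookie with third-party cookie blocking enabled in the browser.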