You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For those implementing a variation of this using AWS and having issues with HttpOnly Cookies, and CORS here are some tips:
Server-side: Make sure to set your cookie with HttpOnly; SameSite=None; Secure
Server-side: Make sure you return a header Access-Control-Allow-Origin with a specific value, NOT "*"
Server-side: With your Serverless config, make sure your /login and /refresh-token functions' cors value includes a specific origin (same as above) as well as headers array including "Access-Control-Allow-Credentials" not just the API Gateway defaults. This is so you can set withCredentials on the client side
Client-side: set axios to have withCredentials: true
The text was updated successfully, but these errors were encountered:
For those implementing a variation of this using AWS and having issues with HttpOnly Cookies, and CORS here are some tips:
HttpOnly; SameSite=None; SecureAccess-Control-Allow-Originwith a specific value, NOT"*"/loginand/refresh-tokenfunctions'corsvalue includes a specificorigin(same as above) as well asheadersarray including"Access-Control-Allow-Credentials"not just the API Gateway defaults. This is so you can setwithCredentialson the client sidewithCredentials: trueThe text was updated successfully, but these errors were encountered: