Skip to content

Working with Serverless / AWS Lambda #14

New issue
New issue
Open
Open
Working with Serverless / AWS Lambda#14
@oliviermills

Description

@oliviermills
oliviermills
opened on Feb 22, 2021

For those implementing a variation of this using AWS and having issues with HttpOnly Cookies, and CORS here are some tips:

  1. Server-side: Make sure to set your cookie with HttpOnly; SameSite=None; Secure
  2. Server-side: Make sure you return a header Access-Control-Allow-Origin with a specific value, NOT "*"
  3. Server-side: With your Serverless config, make sure your /login and /refresh-token functions' cors value includes a specific origin (same as above) as well as headers array including "Access-Control-Allow-Credentials" not just the API Gateway defaults. This is so you can set withCredentials on the client side
  4. Client-side: set axios to have withCredentials: true

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions