9 months ago
Hi,
I've been stuck since Friday evening on a 401 for the Login page.
Frontend is on www.hrnov.ai and backend on a backend link.
Set-Cookie is being blocked because the domain is not recognized (2 different domains).
How can I solve this?
Is there a way to put the backend under www.hrnov.ai?
In dev mode it works fine, the jwt set in cookies is persistent with no problem.
In production mode, it doesn't even set it...blocked!
Thanks,
Rita
4 Replies
9 months ago
Hi Rita, this sounds like a CORS issue. Could you please recheck that you have the appropriate CORS headers in your backend as well as the correct jwt cookie options?
Status changed to Awaiting User Response Railway • 9 months ago
9 months ago
Hi Chandrika,
I've set everything in variables and directly adding the www.
What else can I do?
```javascript
res.cookie("jwt", token, {
  httpOnly: true,
  secure: process.env.NODE_ENV === "production",
  sameSite: "strict",
  maxAge: 3600000,
});

app.use(
  cors({
    origin: [
      process.env.FRONTEND_URL,
      process.env.REACT_APP_API_URL_4000,
      process.env.REACT_APP_API_URL_3000,
      process.env.CORS_DOMAINS,
      "https://frontend-production-28c9.up.railway.app",
      "https://backend-production-717e.up.railway.app/",
      "https://www.hrnov.ai"
    ],
    credentials: true,
    methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
    allowedOrigins: [
      process.env.FRONTEND_URL,
      process.env.REACT_APP_API_URL_4000,
      process.env.REACT_APP_API_URL_3000,
      "https://frontend-production-28c9.up.railway.app",
      "https://backend-production-717e.up.railway.app/",
      "https://www.hrnov.ai"
    ],
    allowedHeaders: [
      "Content-Type",
      "Authorization",
      "X-User-Language",
      "Accept-Language",
      "Preferred-Language",
      "Origin",
      "Accept"
    ],
    exposedHeaders: ["Content-Range", "X-Content-Range"],
  })
);
```
Status changed to Awaiting Railway Response Railway • 9 months ago
9 months ago
Any ideas and/or recommendations?
9 months ago
Hey Rita, I believe you’d have to set the sameSite to 'none' in your cookie as well as specify the domain. I’d also recommend researching the web for cross-domain authentication using JWT or similar so you can correctly set this up and follow best security practice.
Status changed to Awaiting User Response Railway • 9 months ago
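An added example, not part of the original thread and not Railway's or the poster's code: a small model of the checks a browser applies before it stores a cookie from a credentialed cross-origin request, run against the hostnames from this thread. Assumptions: `api.hrnov.ai` is a hypothetical custom domain for the backend, and "site" is approximated as the last two host labels (real browsers use the Public Suffix List).

```javascript
// Simplification (assumption): site = last two labels of the hostname.
const site = (host) => host.split(".").slice(-2).join(".");

// Reasons a browser would refuse the cookie on a credentialed fetch() from
// pageOrigin to apiOrigin. An empty array means the cookie is accepted.
function cookieProblems(pageOrigin, apiOrigin, cookie, corsHeaders) {
  const page = new URL(pageOrigin);
  const api = new URL(apiOrigin);
  const problems = [];
  const crossSite = site(page.hostname) !== site(api.hostname);
  const sameSite = (cookie.sameSite || "lax").toLowerCase();

  if (crossSite && sameSite !== "none")
    problems.push(`SameSite=${sameSite} cookie is blocked on a cross-site request`);
  if (sameSite === "none" && !cookie.secure)
    problems.push("SameSite=None requires Secure");
  if (cookie.domain) {
    // The Domain attribute must match the host that sends Set-Cookie.
    const d = cookie.domain.replace(/^\./, "").toLowerCase();
    if (api.hostname !== d && !api.hostname.endsWith("." + d))
      problems.push(`Domain=${d} does not match responding host ${api.hostname}`);
  }
  if (page.origin !== api.origin) {
    // Credentialed CORS: exact origin (no "*", no trailing slash) plus credentials flag.
    if (corsHeaders["access-control-allow-origin"] !== page.origin)
      problems.push("Access-Control-Allow-Origin must equal the page origin exactly");
    if (corsHeaders["access-control-allow-credentials"] !== "true")
      problems.push("Access-Control-Allow-Credentials: true is missing");
  }
  return problems;
}

// Constructed sample input using the hostnames quoted in the thread.
const PAGE = "https://www.hrnov.ai";
const RAILWAY_API = "https://backend-production-717e.up.railway.app";
const CUSTOM_API = "https://api.hrnov.ai"; // hypothetical custom domain
const CORS_OK = {
  "access-control-allow-origin": "https://www.hrnov.ai",
  "access-control-allow-credentials": "true",
};

// Production settings as posted: strict cookie sent from a different site.
console.log(cookieProblems(PAGE, RAILWAY_API, { secure: true, sameSite: "strict" }, CORS_OK));
// Same strict cookie once the backend is served from a subdomain of the frontend's site.
console.log(cookieProblems(PAGE, CUSTOM_API, { secure: true, sameSite: "strict", domain: "hrnov.ai" }, CORS_OK));
```

Browsers that block third-party cookies can still refuse a `SameSite=None` cookie from a different site, which serving the backend from a subdomain of the frontend's site avoids.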
2 months ago
This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!
Status changed to Solved Railway • 2 months ago