Railway stripping cookie headers
karanshukla
HOBBYOP

9 months ago

I have a simple SPA with an express backend. The Express backend sets cookies using the node package cookie-session.

Everything works fine locally. On Railway however, I do NOT see any headers for setting cookies. I have verified that it is NOT an issue with the reverse proxy nor is it a browser issue. Everything works fine locally. It is only on Railway where it breaks. I don't see any cookies being set. Here is the express code:

// Create our server
    const app: Express = express();
    app.set("trust proxy", 1);

    // Enable CORS for the frontend client
    app.use(
      cors({
        origin: env.CLIENT_URL,
        credentials: true,
      })
    );

    // Enable cookies
    app.use(
      cookieSession({
        name: "1234",
        keys: [env.COOKIE_SECRET],
        maxAge: 14 * 24 * 60 * 60 * 1000, // 14 days
        secure: env.isProduction,
        sameSite: "none",
      })
    );

Please help!

Solved$10 Bounty

1 Replies

karanshukla
HOBBYOP

9 months ago

I seem to have solved it by adding this to the end Caddyfile:

			# sets the Host header to the header to the dynamic name and port options
			header_up Host {upstream_hostport}
			header_up X-Forwarded-Proto {scheme}
			header_up X-Forwarded-For {remote_host}
			header_up X-Forwarded-Host {host}

Status changed to Solved brody 9 months ago

Loading...