node.js - Set HttpOnly Cookies while developing Web App locally

Question

I am developing a web app with angular + nebular auth. Nebular auth is working and I get a JWT token from our auth server. The auth server is made with Node and sets also an HTTPOnly cookie for the refresh token. I want this token to be send along every request. The login response has indeed the Set-Cookie header, but the cookie is never set. I have read a lot of answers in Stack Overflow but everything I tried did not work.

The auth server is in a Cloud server, while I am developing the app locally. This maybe can be a problem already.

Anyway, here's what I have done till now:

Node.js

I am using an HTTP server, and setting the cookie with cookie-parser with:

res.cookie("refresh_token", token, {httpOnly: true, maxAge: ....});

I set the core options in app.js like this:

app.use(cors({
 credentials: true,
 origin: ["http://localhost:4200", "http://127.0.0.1:4200"]
 exposedHeaders = ["Content-Length", .....],
 allowedHeaders = ["Content-Type", "Authorization", "Set-Cookie", ....],
}));

When I get the response of the Login, I do get the Set-Cookie header but I cannot see the cookie in the Cookies tab of my browser console.

I tried to send a request from Angular anyway, with { headers: headers, withCredentials: true } but obviously when I check the cookie in Node there's nothing.

So I am going crazy... it's probably a problem with CORS, because I am developing from localhost and the server is up on the cloud?

How can I make this work?

question from:https://stackoverflow.com/questions/65899928/set-httponly-cookies-while-developing-web-app-locally

Answer 1

Waitting for answers