I have the following situation.
Part I:
- localhost:3000 is frontend (React)
- localhost:8000 is backend (Django)
- I make a successful cross-domain GET (I'm using django-cors-headers package)
Part of the response headers:
Set-Cookie: csrftoken=token; expires=Fri, 16-Feb-2018 10:56:00 GMT; Max-Age=31449600; Path=/
- the cookie csrftoken is not being set in the browser (if I'm right, it's due to the browser ignoring cookies from a different domain), although I have it set to allow third-party cookies and site data (in Chrome's settings)
- POST fails due to csrf cookie not being set
Part II:
- I set the cookie manually
- everything works perfectly
This is my ajax request:
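// csrftoken is assumed to be defined earlier (its definition is not shown in the post)
jQuery.ajaxSetup({
  // Attach the CSRF token as a request header on every AJAX call
  beforeSend: function(xhr, settings) {
    xhr.setRequestHeader("X-CSRFToken", csrftoken);
  }
});
jQuery.ajax({
  url: url,
  type: 'POST',
  // The token is also sent in the form body
  data: {attr: value, csrfmiddlewaretoken: csrftoken},
  crossDomain: true,
  // Send cookies with the cross-origin request
  xhrFields: {
    withCredentials: true
  }
});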
Is there any way to read the cookie after the initial GET and set it in the browser?
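Added example (not part of the original post): a simplified model of the rules a browser applies before it stores a Set-Cookie from a cross-origin XHR response, useful for checking a request/response pair like the one described above. The function names, the /api/ path and the sample header values are constructed for illustration; with django-cors-headers, the Access-Control-Allow-Credentials header is emitted when CORS_ALLOW_CREDENTIALS = True.

```javascript
// Simplified model of the Fetch-standard CORS credential rules for one
// cross-origin XHR exchange. It ignores cookie attributes (SameSite, Secure,
// Domain) and browser third-party-cookie settings. Sample values are constructed.

// Case-insensitive header lookup on a plain object; returns null when absent.
function header(headers, name) {
  const key = Object.keys(headers).find(
    (k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : String(headers[key]).trim();
}

// request:  { pageOrigin, url, withCredentials }
// response: { headers }
// Returns { readable, cookieStored, reason }.
function evaluateExchange(request, response) {
  const hasCookie = header(response.headers, 'Set-Cookie') !== null;
  if (new URL(request.url).origin === request.pageOrigin) {
    return { readable: true, cookieStored: hasCookie, reason: 'same-origin' };
  }
  const allowOrigin = header(response.headers, 'Access-Control-Allow-Origin');
  const allowCreds = header(response.headers, 'Access-Control-Allow-Credentials');
  if (!request.withCredentials) {
    // Uncredentialed request: the body may be readable, but Set-Cookie is dropped.
    const ok = allowOrigin === '*' || allowOrigin === request.pageOrigin;
    return { readable: ok, cookieStored: false,
             reason: ok ? 'Set-Cookie ignored: request sent without credentials'
                        : 'CORS check failed' };
  }
  // Credentialed request: wildcard is rejected and the flag must be exactly "true".
  if (allowOrigin !== request.pageOrigin) {
    return { readable: false, cookieStored: false,
             reason: 'Access-Control-Allow-Origin must echo the exact origin' };
  }
  if (allowCreds !== 'true') {
    return { readable: false, cookieStored: false,
             reason: 'Access-Control-Allow-Credentials: true is missing' };
  }
  return { readable: true, cookieStored: hasCookie,
           reason: 'credentialed CORS check passed' };
}

// Constructed response modelled on the Set-Cookie header quoted in the post.
const sampleResponse = { headers: {
  'Access-Control-Allow-Origin': 'http://localhost:3000',
  'Set-Cookie': 'csrftoken=token; Path=/',
} };
const get = { pageOrigin: 'http://localhost:3000',
              url: 'http://localhost:8000/api/', withCredentials: false };
console.log(evaluateExchange(get, sampleResponse));
```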