I'm using the Golang http
library to set and return a jwt
cookie to the client on successful login, like so:
cookie := &http.Cookie{
Name: "jwt",
Value: "XXXXXXXX",
Domain: "irisvr-dev.com",
}
http.SetCookie(p_w, cookie)
I first send a request from https://irisvr.com
to https://api.irisvr.com
:
authority: api.irisvr-dev.com
method: POST
path: /v3/auth/user/login
scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,ko-KR;q=0.8,ko;q=0.7
content-length: 57
content-type: application/json
origin: https://irisvr-dev.com
referer: https://irisvr-dev.com/login
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
And the server responds as expected:
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,Authorization,Iris-User-Id
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: *
alt-svc: clear
content-length: 380
content-type: application/json
date: Fri, 09 Nov 2018 15:27:12 GMT
set-cookie: jwt=XXXXXXXX; Domain=irisvr-dev.com // <-------- here
status: 200
via: kong/0.14.0, 1.1 google
x-kong-proxy-latency: 1
x-kong-upstream-latency: 50
However, inspecting Document.cookie
and/or expanding the Cookies tab in dev tools does not display the jwt being set. I definitely have cookies enabled, as you can see some other third party plugins setting them successfully:
What am I missing here?