I have two applications that I am running locally: a React frontend and a Flask backend. The backend handles all of the OAuth authentication and provides a bunch of endpoints for the frontend.

React: http://www.local-app.com:3000/
Flask: http://www.local-app.com/

If I post to the URL http://www.local-app.com/v1/auth/login I get this response data:

Access-Control-Allow-Origin: http://www.local-app.com:3000
Connection: keep-alive
Content-Length: 2
Content-Type: text/html; charset=utf-8
Date: Fri, 08 Nov 2019 03:13:04 GMT
Server: nginx
Set-Cookie: remember_token=username|long_remember_token_here; Expires=Sat, 07-Nov-2020 03:13:04 GMT; Path=/
Set-Cookie: session=long_session_token_here; Domain=.local-app.com; Expires=Mon, 09-Dec-2019 03:13:04 GMT; HttpOnly; Path=/
Vary: Origin

This seems correct to me, but the cookie is never stored on the client no matter what I have tried.

Posting to http://www.local-app.com/v1/auth/login in Postman works. The cookie is set and persisted across other endpoints.

I think the problem lies with the cookie domain. I have tried setting a proxy and all sorts but nothing has worked.

Any suggestions?

Rob Fyffe
This might help: https://stackoverflow.com/questions/46288437/set-cookies-for-cross-origin-requests – Selcuk Nov 08 '19 at 04:12

1 Answer

The problem was due to the Flask Cors module overwriting my Nginx CORS configuration. Adding the following code to the Flask app solved the problem for me.

from flask_cors import CORS
CORS(app, supports_credentials=True)  # adds Access-Control-Allow-Credentials: true

Thanks Selcuk for pointing me in the right direction.

Rob Fyffe
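
The response in the question, checked against the CORS rules for credentialed cross-origin requests, as an added example that is not part of the original post. The header text is trimmed from the question, the "fixed" response is constructed, and the function names are hypothetical; it assumes the React client sends the request with credentials enabled.

```python
# Added example: checks response headers against the CORS rules for credentialed requests.
QUESTION_RESPONSE = """\
Access-Control-Allow-Origin: http://www.local-app.com:3000
Content-Type: text/html; charset=utf-8
Set-Cookie: session=long_session_token_here; Domain=.local-app.com; HttpOnly; Path=/
Vary: Origin
"""
# Constructed: the same response plus the header supports_credentials=True adds.
FIXED_RESPONSE = QUESTION_RESPONSE + "Access-Control-Allow-Credentials: true\n"


def parse_headers(raw):
    """Return {lowercased-name: [values]}; repeated headers (Set-Cookie) are kept."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def credentialed_cors_problems(raw, origin):
    """List CORS problems this response has for a credentialed request from origin."""
    h = parse_headers(raw)
    problems = []
    allow_origin = h.get("access-control-allow-origin", [])
    if len(allow_origin) != 1:
        problems.append("need exactly one Access-Control-Allow-Origin header")
    elif allow_origin[0] == "*":
        problems.append("wildcard origin is not allowed with credentials")
    elif allow_origin[0] != origin:
        problems.append("Access-Control-Allow-Origin does not match the page origin")
    # The value is compared case-sensitively; "True" or "1" do not count.
    if h.get("access-control-allow-credentials") != ["true"]:
        problems.append("Access-Control-Allow-Credentials: true is missing")
    # A per-origin response should vary on Origin so caches do not mix origins.
    if allow_origin and allow_origin[0] != "*" and not any(
        "origin" in [t.strip().lower() for t in v.split(",")] for v in h.get("vary", [])
    ):
        problems.append("Vary: Origin missing; caches may serve another origin's copy")
    return problems


if __name__ == "__main__":
    origin = "http://www.local-app.com:3000"
    print("question:", credentialed_cors_problems(QUESTION_RESPONSE, origin))
    print("fixed:   ", credentialed_cors_problems(FIXED_RESPONSE, origin))
```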