I have two applications that I am running locally: a React frontend and a Flask backend. The backend handles all of the OAuth authentication and provides a bunch of end-points for the front-end.
React: http://www.local-app.com:3000/
Flask: http://www.local-app.com/
If I post to the URL http://www.local-app.com/v1/auth/login
I get this response data:
Access-Control-Allow-Origin: http://www.local-app.com:3000
Connection: keep-alive
Content-Length: 2
Content-Type: text/html; charset=utf-8
Date: Fri, 08 Nov 2019 03:13:04 GMT
Server: nginx
Set-Cookie: remember_token=username|long_remember_token_here; Expires=Sat, 07-Nov-2020 03:13:04 GMT; Path=/
Set-Cookie: session=long_session_token_here; Domain=.local-app.com; Expires=Mon, 09-Dec-2019 03:13:04 GMT; HttpOnly; Path=/
Vary: Origin
This seems correct to me but the Cookie is never stored on the client no matter what I have tried.
Posting to http://www.local-app.com/v1/auth/login
in Postman works. The cookie is set and persisted across other end-points.
I think the problem lies with the cookie domain. I have tried setting a proxy and all sorts but nothing has worked.
Any suggestions?
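
An added example, not part of the original post: a check of the response headers quoted above against the browser rules for credentialed cross-origin requests, which Postman does not apply. The header values are copied from the question; the function name, the finding labels and the choice of `fetch()` credentials modes as input are assumptions of this example.

```javascript
// Added example. Header values are taken from the question; names are hypothetical.
const RESPONSE_HEADERS = [
  ["Access-Control-Allow-Origin", "http://www.local-app.com:3000"],
  ["Set-Cookie", "remember_token=username|long_remember_token_here; Expires=Sat, 07-Nov-2020 03:13:04 GMT; Path=/"],
  ["Set-Cookie", "session=long_session_token_here; Domain=.local-app.com; Expires=Mon, 09-Dec-2019 03:13:04 GMT; HttpOnly; Path=/"],
  ["Vary", "Origin"],
];

// Returns labels describing why a browser would drop cookies or block the response.
// credentialsMode is the fetch() option: "omit", "same-origin" (the default) or "include".
function auditCredentialedCors(pageOrigin, requestUrl, credentialsMode, headers) {
  const findings = [];
  const get = (name) =>
    headers.filter(([k]) => k.toLowerCase() === name).map(([, v]) => v.trim());
  const origin = new URL(pageOrigin).origin;

  // A different port is a different origin, so :3000 -> :80 is cross-origin.
  if (new URL(requestUrl).origin === origin) return findings;

  // Without credentials mode "include" (withCredentials = true for XHR),
  // the browser ignores Set-Cookie on a cross-origin response.
  if (credentialsMode !== "include") {
    if (get("set-cookie").length > 0) findings.push("set-cookie-ignored");
    return findings;
  }

  // With credentials included, the CORS check is stricter:
  // the allowed origin must be explicit, never "*".
  const acao = get("access-control-allow-origin")[0];
  if (acao === "*") findings.push("wildcard-origin-with-credentials");
  else if (acao !== origin) findings.push("origin-mismatch");

  // The server must also opt in with the literal value "true",
  // otherwise the frontend cannot read the response.
  if (get("access-control-allow-credentials")[0] !== "true") {
    findings.push("missing-allow-credentials");
  }
  return findings;
}

const PAGE = "http://www.local-app.com:3000/";
const LOGIN = "http://www.local-app.com/v1/auth/login";
console.log(auditCredentialedCors(PAGE, LOGIN, "same-origin", RESPONSE_HEADERS));
console.log(auditCredentialedCors(PAGE, LOGIN, "include", RESPONSE_HEADERS));
```

The quoted response passes the audit only when the request is sent with credentials included and the backend also returns `Access-Control-Allow-Credentials: true`.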