
I am creating a REST API for my app. The frontend is on localhost:3001 and the backend is PHP Slim on localhost:8000. I am trying to set cookies with the response to the sign-up request. I am using https://github.com/dflydev/dflydev-fig-cookies for cookies and this is how the code looks:

    public function postSignUp(Request $request, Response $response)
    {
        $body = $request->getParsedBody();

        /**
         * code for creating user
         */

        $result = $this->auth->authenticate($body['email'], $body['password']);

        $token =  $this->auth->generateAccessToken($this->auth->user);

        $refreshToken = $this->auth->generateRefreshToken();

        $response = $response->withStatus(201)->withJson(['message' => 'success']);
        $response = FigResponseCookies::set($response, SetCookie::create('refresh_token')
                         ->withValue($refreshToken['refresh_token'])
                         ->withDomain('localhost')
                         ->withPath('/')
                         ->withExpires($refreshToken['expiration'])
                         ->withHttpOnly());

        return $response;
    }

And these are the headers which I get on the client:

Response Headers:

    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: *
    Access-Control-Allow-Methods: POST,OPTIONS
    Access-Control-Allow-Origin: *
    Connection: keep-alive
    Content-Type: application/json
    Date: Thu, 28 May 2020 14:25:33 GMT
    Server: nginx/1.17.10
    Set-Cookie: refresh_token=5ecfc9dd79a504.09760437; Domain=localhost; Path=/; Expires=Thu, 11 Jun 2020 14:25:33 GMT; HttpOnly
    Transfer-Encoding: chunked
    X-Powered-By: PHP/7.4.4

Request Headers:

    Accept: application/json, text/plain, */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,ru-UA;q=0.8,ru;q=0.7,zh-CN;q=0.6,zh;q=0.5,en-US;q=0.4,uk;q=0.3
    Cache-Control: no-cache
    Connection: keep-alive
    Content-Length: 96
    Content-Type: application/json
    Host: localhost:8000
    Origin: http://localhost:3001
    Pragma: no-cache
    Referer: http://localhost:3001/sign-up
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-site
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

As you see, there is a Set-Cookie: refresh_token=5ecfc9dd79a504.09760437; Domain=localhost; Path=/; Expires=Thu, 11 Jun 2020 14:25:33 GMT; HttpOnly header, but nothing appears under cookies in the Application tab.

ExsaNik
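An added example, not part of the original question: a JavaScript check of the posted response headers against the rules browsers apply to cross-origin requests made with and without credentials. `auditCredentialedCors`, its argument names and the finding codes are hypothetical, and the second header set is constructed for comparison.

```javascript
// Added example (not from the original post); all names here are hypothetical.
// Checks a response against browser rules for cross-origin requests and cookies.
function auditCredentialedCors({ origin, withCredentials, responseHeaders }) {
  const h = {}; // header names are case-insensitive
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];
  const acao = h['access-control-allow-origin'];

  if (!withCredentials) {
    // Without credentials mode "include" (XHR withCredentials), cookies are
    // neither sent nor stored for a cross-origin request.
    if ('set-cookie' in h) findings.push('set-cookie-ignored-without-credentials');
    return findings;
  }
  // With credentials, the wildcard is not accepted: the origin must match exactly.
  if (acao === '*') findings.push('wildcard-origin-with-credentials');
  else if (acao !== origin) findings.push('origin-mismatch');
  if (h['access-control-allow-credentials'] !== 'true') {
    findings.push('allow-credentials-not-true');
  }
  // For credentialed requests "*" in these headers is a literal value, not a wildcard.
  for (const name of ['access-control-allow-headers', 'access-control-allow-methods']) {
    if (h[name] === '*') findings.push('literal-star:' + name);
  }
  return findings;
}

// Headers as posted in the question (only the relevant ones).
const postedHeaders = {
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control-Allow-Headers': '*',
  'Access-Control-Allow-Methods': 'POST,OPTIONS',
  'Access-Control-Allow-Origin': '*',
  'Set-Cookie': 'refresh_token=5ecfc9dd79a504.09760437; Domain=localhost; Path=/; ' +
    'Expires=Thu, 11 Jun 2020 14:25:33 GMT; HttpOnly',
};
// Constructed variant: explicit origin and header list instead of wildcards.
const explicitHeaders = {
  ...postedHeaders,
  'Access-Control-Allow-Origin': 'http://localhost:3001',
  'Access-Control-Allow-Headers': 'Content-Type',
};
const pageOrigin = 'http://localhost:3001';
for (const [withCredentials, responseHeaders] of
  [[false, postedHeaders], [true, postedHeaders], [true, explicitHeaders]]) {
  console.log(auditCredentialedCors({ origin: pageOrigin, withCredentials, responseHeaders }));
}
```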