
These are my CORS headers:

r := chi.NewRouter()

r.Use(cors.Handler(cors.Options{
    AllowedOrigins:   []string{"https://SECRET.COM", "http://SECRET.COM"},
    AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
    AllowedHeaders:   []string{"*"},
    ExposedHeaders:   []string{"*"},
    AllowCredentials: true,
    MaxAge:           600, // Maximum value not ignored by any of major browsers
}))

This is my handler:

func (h *Handler) signIn(w http.ResponseWriter, r *http.Request) {
  var input signInInput

  err := json.NewDecoder(r.Body).Decode(&input)
  if err != nil {
    NewErrorResponse(w, http.StatusBadRequest, err.Error())
    return
  }

  token, err := h.Service.Authorization.GenerateToken(input.Email, input.Password)
  if err != nil {
    NewErrorResponse(w, http.StatusBadRequest, err.Error())
    return
  }

  http.SetCookie(w, &http.Cookie{
    Name:     JwtTokenName,
    Domain: "SECRET.COM",
    Value:    token,
    HttpOnly: false, // true - for prod; now it's false for test
    Expires:  time.Now().Add(6 * time.Hour),
    // MaxAge: 0, // TEST! WARNING
    Path:     "/",
  })

  w.WriteHeader(http.StatusOK)
  logger.Debug(fmt.Sprintf("User is logged in with email: %s.   Token: %s", input.Email, token))
}

But it doesn't work.

I tried different options for the body of the SetCookie call, such as:

http.SetCookie(w, &http.Cookie{
    Name:     JwtTokenName,
    Domain: "SECRET.COM",
    Value:    token,
    HttpOnly: false, // true - for prod; now it's false for test
    Expires:  time.Now().Add(6 * time.Hour),
    Path:     "/",
})

http.SetCookie(w, &http.Cookie{
    Name:     JwtTokenName,
    Value:    token,
    HttpOnly: false, 
    Expires:  time.Now().Add(6 * time.Hour),
    Path:     "/",
})

http.SetCookie(w, &http.Cookie{
    Name:     JwtTokenName,
    Domain: "SECRET.COM",
    Value:    token,
    HttpOnly: false,
    MaxAge: 0,
    Path:     "/",
})

http.SetCookie(w, &http.Cookie{
    Name:     JwtTokenName,
    Domain: "SECRET.COM",
    Value:    token,
    Path:     "/",
})

but it doesn't work. Please help me :)

P.S. It's not about time (I set it with a margin, taking into account the time zone and the time difference on the server).

  • "it's doesn't work" - please provide more info on what does not work. Check in your browser dev tools (other browsers have similar functionality) to see if the cookie is in the request header, if it's stored, and if it's in subsequent response headers. Providing a reproducible example would make it easier to help (something like this works for me).
    – Brits
    Commented Jul 6 at 22:20
  • @Brits yes, this error is observed in all browsers. The error is that the cookie comes with the response in the header but is not added to the browser (Application page), therefore signup to the application does not execute. Header info: Set-Cookie: AccessJwtToken=token; Path=/; Domain=domain.com; Expires=Mon, 08 Jul 2024 23:28:42 GMT; Secure; SameSite=Strict
    – Imran
    Commented Jul 8 at 17:29
  • Sorry - there is still not enough info here (the header looks fine). Please try the example I linked (this works fine for me).
    – Brits
    Commented Jul 8 at 20:24
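
The attribute checks a browser applies before storing a cookie, run against the Set-Cookie header quoted in the comments above, as an added Go example (not code from the question or its commenters). The page and API URLs are constructed, and the checks are a simplified subset of browser behaviour: expiry, loopback exceptions and the Public Suffix List are not modelled.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Header quoted in the comment thread above.
const observed = "AccessJwtToken=token; Path=/; Domain=domain.com; Expires=Mon, 08 Jul 2024 23:28:42 GMT; Secure; SameSite=Strict"

// site approximates the registrable domain as the last two host labels
// (assumption: browsers consult the Public Suffix List instead).
func site(u *url.URL) string {
	l := strings.Split(strings.ToLower(u.Hostname()), ".")
	if len(l) > 2 {
		l = l[len(l)-2:]
	}
	return strings.Join(l, ".")
}

// storeProblems lists why a browser would drop the Set-Cookie line when a page
// at pageURL gets it from apiURL; withCreds models fetch credentials: "include".
func storeProblems(line, pageURL, apiURL string, withCreds bool) []string {
	page, err1 := url.Parse(pageURL)
	api, err2 := url.Parse(apiURL)
	cs := (&http.Response{Header: http.Header{"Set-Cookie": {line}}}).Cookies()
	if err1 != nil || err2 != nil || len(cs) != 1 {
		return []string{"unparseable URL or Set-Cookie header"}
	}
	var out []string
	if cs[0].Secure && api.Scheme != "https" {
		out = append(out, "Secure attribute on a non-HTTPS response")
	}
	host, dom := strings.ToLower(api.Hostname()), strings.ToLower(strings.TrimPrefix(cs[0].Domain, "."))
	if dom != "" && host != dom && !strings.HasSuffix(host, "."+dom) {
		out = append(out, "Domain does not match the responding host")
	}
	if !withCreds && (page.Scheme != api.Scheme || page.Host != api.Host) {
		out = append(out, "cross-origin request made without credentials")
	}
	if ss := cs[0].SameSite; (ss == http.SameSiteStrictMode || ss == http.SameSiteLaxMode) && site(page) != site(api) {
		out = append(out, "SameSite blocks storage from a cross-site response")
	}
	return out
}
// Constructed URLs: an HTTP page calling an HTTP API on a subdomain.
func main() { fmt.Println(storeProblems(observed, "http://domain.com/", "http://api.domain.com/sign-in", true)) }
```

An empty result means none of the modelled rules rejects the cookie for that page and API pair; the same header can pass over HTTPS and fail over plain HTTP.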
