Here are my CORS headers:
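// Router with a CORS policy for browser clients. Credentials (cookies) are
// allowed, so every origin listed below is trusted to make requests as the
// logged-in user.
r := chi.NewRouter()
r.Use(cors.Handler(cors.Options{
	// NOTE(review): the plain-http origin is trusted with credentials as well.
	// A page loaded over http can be altered in transit, so consider keeping
	// only the https origin outside local testing.
	AllowedOrigins: []string{"https://SECRET.COM", "http://SECRET.COM"},
	AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
	// NOTE(review): for credentialed requests browsers read a literal "*" in
	// Access-Control-Allow-Headers / Access-Control-Expose-Headers as a header
	// named "*", not as a wildcard. Listing the headers explicitly is safer;
	// confirm how this cors package renders "*" on the wire.
	AllowedHeaders:   []string{"*"},
	ExposedHeaders:   []string{"*"},
	AllowCredentials: true,
	MaxAge:           600, // Maximum value not ignored by any of major browsers
}))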
Here is my handler:
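// signIn authenticates a user from a JSON request body and, on success, stores
// the issued token in a cookie named JwtTokenName.
//
// The body is decoded into signInInput. A decode failure or a GenerateToken
// error is answered through NewErrorResponse with 400 and the error text. On
// success the cookie is set for six hours on path "/" and the status is 200.
func (h *Handler) signIn(w http.ResponseWriter, r *http.Request) {
	var input signInInput
	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
		NewErrorResponse(w, http.StatusBadRequest, err.Error())
		return
	}

	token, err := h.Service.Authorization.GenerateToken(input.Email, input.Password)
	if err != nil {
		// NOTE(review): err.Error() is returned to the client unchanged. If the
		// service distinguishes "unknown email" from "wrong password", this
		// reveals which accounts exist; a generic message with 401 is the usual
		// choice. Status and body are left as they were to keep clients working.
		NewErrorResponse(w, http.StatusBadRequest, err.Error())
		return
	}

	http.SetCookie(w, &http.Cookie{
		Name:   JwtTokenName,
		Domain: "SECRET.COM",
		Value:  token,
		// NOTE(review): with HttpOnly off, any script on the page can read the
		// token. Secure and SameSite are not set either, so the cookie may travel
		// over plain http and the browser applies its own SameSite default. If
		// the front end is served from a different site, the browser will only
		// store this cookie when it carries SameSite: http.SameSiteNoneMode
		// together with Secure: true and the request is sent with credentials.
		HttpOnly: false, // true - for prod; now it's false for test
		Expires:  time.Now().Add(6 * time.Hour),
		// MaxAge: 0, // TEST! WARNING
		Path: "/",
	})
	w.WriteHeader(http.StatusOK)

	// The token is a bearer credential: anyone who can read the log could replay
	// it, so only the email is logged.
	logger.Debug(fmt.Sprintf("User is logged in with email: %s", input.Email))
}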
But it doesn't work.
I tried several variants of the SetCookie call, such as:
// Variant 1: Domain set, six-hour Expires, HttpOnly off.
// With Domain present the cookie is also sent to subdomains of that domain.
withExpiry := &http.Cookie{
	Path:     "/",
	Expires:  time.Now().Add(6 * time.Hour),
	HttpOnly: false, // true - for prod; now it's false for test
	Value:    token,
	Domain:   "SECRET.COM",
	Name:     JwtTokenName,
}
http.SetCookie(w, withExpiry)

// Variant 2: no Domain, so the cookie is bound to the exact host that sent it.
hostOnly := &http.Cookie{
	Path:     "/",
	Expires:  time.Now().Add(6 * time.Hour),
	HttpOnly: false,
	Value:    token,
	Name:     JwtTokenName,
}
http.SetCookie(w, hostOnly)

// Variant 3: no Expires and MaxAge 0. In net/http a MaxAge of 0 means the
// Max-Age attribute is left out, so this is a session cookie.
sessionExplicit := &http.Cookie{
	Path:     "/",
	MaxAge:   0,
	HttpOnly: false,
	Value:    token,
	Domain:   "SECRET.COM",
	Name:     JwtTokenName,
}
http.SetCookie(w, sessionExplicit)

// Variant 4: only name, domain, value and path; also a session cookie.
// NOTE(review): none of the four variants sets Secure or SameSite, so the
// browser's default SameSite policy decides whether a cross-site response may
// store the cookie, and nothing keeps the token off plain http.
minimal := &http.Cookie{
	Path:   "/",
	Value:  token,
	Domain: "SECRET.COM",
	Name:   JwtTokenName,
}
http.SetCookie(w, minimal)
but none of them work. Please help me :)
P.S. It's not about the expiry time (I set it with a margin, taking into account the time zone and the time difference on the server).