I have made an API in golang. Backend and frontend are running on separate servers. When I test the API with Postman everything works fine and I receive the cookie containing the JWT token, but when I do the request from the frontend no cookie is received.
Here is the middleware for handling CORS:
    func corsHandler(h http.Handler) http.Handler {
        return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
            // origin := r.Header.Get("Origin")
            w.Header().Set("Access-Control-Allow-Origin", "http://localhost:5000")
            if r.Method == "OPTIONS" {
                w.Header().Set("Access-Control-Allow-Credentials", "true")
                w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE")
                w.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-CSRF-Token, Authorization, access-control-allow-origin")
                return
            }
            h.ServeHTTP(w, r)
        })
    }
Following is the cookie generator:
    jwtCookie := &http.Cookie{
        Name:     "jwtToken",
        Secure:   false,
        HttpOnly: true,
        Value:    tokenString,
        Expires:  expiryTime,
    }
    http.SetCookie(w, jwtCookie)
    w.Header().Add("Access-Control-Allow-Credentials", "true")
    w.WriteHeader(http.StatusOK)
Following is the ajax request:
    $.ajax({
        type: 'POST',
        url: 'http://localhost:8080/api/signin',
        data: JSON.stringify({
            "username": $('#username').val(),
            "password": $('#password').val()
        }),
        xhrFields: { withCredentials: true },
        contentType: "application/json",
        dataType: "json",
        success: function(data) {
            console.log(data);
        },
        error: function(message) {
            console.log(message.responseJSON);
        }
    });
In Firefox the response header looks like this: as you can see in image 1, the cookie is received in the header but it is not visible in storage.
In Chrome the response header looks like this: there is no cookie visible in Chrome.
I have been stuck on this for quite a long time. Any help would be valuable :)
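A way to check the sign-in response described above against what browsers require of a cross-origin response to a request sent with `withCredentials: true`, and against the cookie attributes that decide where the cookie is stored. This is an added example, not part of the original post; `auditCredentialedResponse`, `auditSignin` and the token value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const frontend = "http://localhost:5000" // frontend origin from the post

// auditCredentialedResponse (hypothetical helper) lists CORS headers that do
// not satisfy a credentialed cross-origin request, plus cookie attribute notes.
func auditCredentialedResponse(resp *http.Response, origin string) []string {
	var notes []string
	if got := resp.Header.Get("Access-Control-Allow-Origin"); got != origin {
		notes = append(notes, fmt.Sprintf("Allow-Origin is %q, need exactly %q", got, origin))
	}
	if resp.Header.Get("Access-Control-Allow-Credentials") != "true" {
		notes = append(notes, `Allow-Credentials is not "true"`)
	}
	for _, c := range resp.Cookies() {
		if c.Path == "" {
			notes = append(notes, c.Name+": no Path, defaults to the request URL's directory")
		}
		if c.SameSite == http.SameSiteNoneMode && !c.Secure {
			notes = append(notes, c.Name+": SameSite=None requires Secure")
		}
	}
	return notes
}

// auditSignin replays the post's sign-in response with a constructed token
// value and the given cookie Path, then audits it.
func auditSignin(path string) []string {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Access-Control-Allow-Origin", frontend)
		w.Header().Set("Access-Control-Allow-Credentials", "true")
		http.SetCookie(w, &http.Cookie{Name: "jwtToken", Value: "constructed-token", HttpOnly: true, Path: path})
		w.WriteHeader(http.StatusOK)
	})
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/api/signin", nil))
	return auditCredentialedResponse(rec.Result(), frontend)
}

func main() {
	fmt.Println(auditSignin(""))  // cookie attributes as in the post
	fmt.Println(auditSignin("/")) // same cookie with an explicit Path
}
```

With the cookie as posted, the only note is the missing `Path`, which scopes the cookie to `/api` for a response from `/api/signin`.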