I have a FastAPI application running with Uvicorn for server as a Render web service. Suppose this listens for requests on the api subdomain. There’s also an SPA frontend running as a Render web service that lives in the app subdomain.
There is a typical Oauth2 in place. The user clicks on a button in the SPA and makes a request to Google to get back an authorization url. The browser is redirected to that url and once the authorization is complete, Google pushes the user to the callback url, which lives in my api.something.com service.
Now, because I need to set a cookie to the SPA, I craft a response object and add headers to it. One of these headers is a 302 redirect and the other is a set-cookie. The redirect header seems to work fine. The browser is redirected to “app.something.com” But, the set-cookie header does not work as it should, as there are no cookies set in the browser.
I’ve tested the setup in other environments and it seems to work fine. For some reason, when running the FastAPI service as a Render web service this does not work.
This is a deal-breaker for us. Thanks in advance!