Sent cookie is not getting set on frontend

Hi everyone, I am having an issue where I am hosting my backend on https://setup-spot.onrender.com and my static website on https://setup-6ne8.onrender.com. When the user logs in, the backend sends a session cookie and the frontend receives it, but it is being blocked by the browser, and the error says "This attempt to set a cookie via a Set-Cookie header was blocked because its Domain attribute was invalid with regards to the current host url." My cookie settings are like this:

```javascript
const app = express()

// app.set() with a single argument only reads the setting;
// app.enable() on the next line is what turns it on.
app.set("trust proxy")
app.enable('trust proxy')

app.use(express.json())
app.use(express.urlencoded({ extended: true }))
app.use(session({
    secret: process.env.SESSION_SECRET,
    resave: false,
    saveUninitialized: false,
    cookie: {
        httpOnly: true,
        path: '/',
        expires: Date.now() + 1000 * 60 * 60 * 24 * 7,
        maxAge: 1000 * 60 * 60 * 24 * 7,
        // Sent as the cookie's Domain attribute, which the browser error refers to
        domain: frontEndLink,
        sameSite: 'none',
        secure: true
    },
    store: MongoStore.create({ mongoUrl: uri })
}))
app.use(cors({
    origin: [frontEndLink, frontEndLink1, frontEndLink2],
    credentials: true,
    exposedHeaders: ["Set-Cookie"]
}))
app.use(passport.initialize())
app.use(passport.session())
app.use(cookieParser(process.env.COOKIE_SECRET))
passport.use(new LocalStrategy(User.authenticate(),{session: true}))
passport.serializeUser(User.serializeUser())
passport.deserializeUser(User.deserializeUser())
```

How can I fix it?

Hi there,

onrender.com is an entry on the public suffix list; this restricts access to cookies across subdomains, as you’re attempting to do here. You should look to use a custom domain here, which won’t be limited like this.

Regards,

John B
Render Support, UTC+1
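
The check behind the browser error, sketched as an added example (not code from this thread or from Render): a simplified version of the RFC 6265 section 5.3 Domain-attribute rules, applied to the two hostnames in the question. The public-suffix set is a constructed two-entry subset of the real list, and `api.example.com` / `app.example.com` are assumed stand-ins for a custom domain.

```javascript
// Added example: RFC 6265 section 5.3 Domain-attribute checks, simplified.
// PUBLIC_SUFFIXES is a constructed two-entry subset of the real public suffix
// list; wildcard and exception rules of the real list are not handled.
const PUBLIC_SUFFIXES = new Set(["com", "onrender.com"]);

const isIp = (host) => /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");

// Section 5.1.3: identical, or host ends with "." + domain (never for IPs).
function domainMatches(host, domain) {
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// How a browser would treat a cookie set by `requestHost` carrying the
// given Domain attribute (undefined = attribute omitted).
function evaluateCookieDomain(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  // Section 5.2.3: ignore one leading dot, compare case-insensitively.
  let domain = (domainAttr || "").toLowerCase().replace(/^\./, "");

  if (PUBLIC_SUFFIXES.has(domain)) {
    if (domain !== host) return { accepted: false, reason: "public-suffix" };
    domain = ""; // the host itself is a public suffix: fall back to host-only
  }
  if (domain === "") return { accepted: true, hostOnly: true, domain: host };
  if (!domainMatches(host, domain)) return { accepted: false, reason: "domain-mismatch" };
  return { accepted: true, hostOnly: false, domain };
}

// Would a stored cookie be attached to a request for `targetHost`?
function sentTo(stored, targetHost) {
  if (!stored.accepted) return false;
  const target = targetHost.toLowerCase();
  return stored.hostOnly ? target === stored.domain : domainMatches(target, stored.domain);
}

const backend = "setup-spot.onrender.com";   // hostnames from the question
const frontend = "setup-6ne8.onrender.com";
console.log(evaluateCookieDomain(backend, frontend));        // sibling host as Domain
console.log(evaluateCookieDomain(backend, "onrender.com"));  // public suffix as Domain
console.log(evaluateCookieDomain(backend, undefined));       // Domain omitted
const shared = evaluateCookieDomain("api.example.com", "example.com");
console.log(shared, sentTo(shared, "app.example.com"));      // custom domain case
```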
