I am using authentication with cookies, and the application works locally. But on render, I did the following to make it work. But now, I have to enable third party cookies to make it working. I want to have the behavior so that I don’t have to enable third party cookies to have it working. My frontend and backend repos are separately connected to render.
I am sending cookies like so:
const cookieParams = { httpOnly: true, sameSite: "none", secure: true };
res
.cookie(
"access_token",
token,
cookieParams,
{
expires: new Date(Date.now() + 25892000000), // set expiry of 1m
}
)
.status(200)
.json({ ...filteredUser });
My cors options like so:
const corsOptions = {
origin: `${process.env.FRONDEND_LINK}
credentials: true,
optionSuccessStatus: 200,
Headers: true,
exposedHeaders: 'Set-Cookie'
methods: ['GET', 'PUT', 'POST', 'DELETE', 'OPTIONS'],
allowedHeaders: [
'Access-Control-Allow-Origin',
'Content-Type',
'Authorization'
]
};
app.use(cors(corsOptions));
Let’s say I have 2 urls:
render=‘.onrender.com’
frontend link: frontend-url(render)
backend link: backend-url(render)
I have a rewrite as follows:
Source: “/api/", Destination: "backend-url.onrender.com/”, Action: “Rewrite”
On the cookies section of the browser, I can see that under my backend link, the access_token is set, and not under the frontend link.
I am guessing because the access_token cookie is set under the backend link, instead of the frontend link, this issue is occurring. How to solve the problem, since I know this is render causing it, as my code works locally?