- local development, FE (3008) & BE (6047) running in separate ports
- want to send and read cookies over
fetch
, BE sets, FE sends,http-only
- in real environments, CORS is handled in api-gateway, so just need local CORS solution here
- fetch needs to have
:credentials
set to"include"
(different ports,"same-origin"
doesn't seem to work) - because of 1, the local CORS can't have wildcards, you need list all possible headers, origins etc.
- also need to set
"Access-Control-Allow-Credentials"
to"true"
in BE cors config - and the cookie domain should be
localhost
, while allowed origin ishttp://localhost:3008
(-> (vf/fetch {:uri "http://localhost:6047/sso/info"
:method :get
:credentials "include" ;; this is needed
:headers {"Authorization" (str token-type " " token)}})
(.then save-info))
- simple CORS mw (or use existing)
(defn wrap-local-cors [handler]
(let [with-cors (fn [request response]
(-> response
(update
:headers
merge
{"Access-Control-Allow-Origin" (get-in request [:headers "origin"])
"Access-Control-Allow-Methods" "GET, POST, PUT, DELETE, HEAD, PATCH, OPTIONS"
"Access-Control-Allow-Credentials" "true"
"Access-Control-Allow-Headers" "...list all here..."})))
preflight-response {:status 200, :body "preflight complete"}
preflight (fn [handler request]
(if (= :options (:request-method request))
(fn
([request] (with-cors request preflight-response))
([request respond _] (respond (with-cors request preflight-response))))
handler))]
(fn
([request] (with-cors request ((preflight handler request) request)))
([request respond raise] ((preflight handler request) request (comp respond (partial with-cors request)) raise)))))
... setting the cookies:
- add
ring.middleware.cookies/wrap-cookies
into the pipeline and set the cookie with:
{:status 200
:body body
:cookies {"kikka" {:value "kukka6"
:http-only "true"
:domain "localhost"}}}