Unable to set cookie when process.server is true

usb248
3
usb248
commented a year ago

What problem does this feature solve?

I have a serverMiddleware with a cookie parser with an internal API (with express).
// Export the server middleware

export default {
  path: '/api',
  handler: app
}

All work fine client side but when axios request is trigerred server side, axios doesn't add set-cookie. I have to do:

$axios.onResponse((resp) => {
        if(resp.headers['set-cookie'] && process.server){
            try{
                res.setHeader('Set-Cookie', [ resp.headers['set-cookie'] ])
            }catch(e) {}
        }
        return resp
    })

Why ?

idea
0
renoirb
40
renoirb
commented a year ago

Where are you writing this?

Do you have Nuxt with a proxy?

Set-Cookie is coming from server to client, so that client can add Cookie header from what it previously received.

What you're doing feels like you're transferring between resp that's visible in $axios.onResponse((resp) => {}), where inside you make reference to res (that we can't see, where is it?)

Can you give more info about what you're trying to achieve, and where this is done?

0
usb248
3
usb248
commented a year ago

Hi @renoirb ,

I write this in a plugin (which use @nuxt/axios module)
res is the node serverResponse (of nuxt) :

export default function ({ $axios, store, res }) {
 ....
$axios.onResponse((resp) => { ... })
})

I have several serverMiddlewares :

serverMiddleware: [
    bodyParser.json(),
    bodyParser.text(),
    '~/servermiddleware/cookie-session', // all routes
    '~/servermiddleware/csrf', // all routes
    '~/api' // prefix api/** (express api)
  ],

~/servermiddleware/cookie-session is a cookie parser which give me access to req.session.something = 'something' to do a set-cookie from server to client.
~/servermiddleware/csrf contain this :

const Tokens = require('csrf')
const tokens = new Tokens()
module.exports = async(req, res, next) => {

    const secret = req.session.csrfSecret || await tokens.secret()
    req.csrfToken = tokens.create(secret)
        // here writing cookie (init the session)
    req.session.csrfSecret = secret

      next()
}

and ~/api contain express api with all routes and check the csrf token of incoming requests

problem scenario :
I'm a user (with any cookie), it's my first visit, the req.session.csrfSecret = secret is set (nuxt node request), in asyncData i'm trying to do a POST request (server-side) with axios (second request).
Axios ignore set-cookie header from first request and trying to do again req.session.csrfSecret = secret with another value instead of to retrieve the cookie of the first request (req.session.csrfSecret is still undefined because axios doesn't include the cookie)

When i do :

$axios.onResponse((resp) => {
        if(resp.headers['set-cookie'] && process.server){
            try{
                res.setHeader('Set-Cookie', [ resp.headers['set-cookie'] ])
            }catch(e) {}
        }
        return resp
    })

i trying to detect if the server axios response contain set-cookie to add this in nuxt client response (for the view). But when i have no cookie, on the first request, set-cookie header is duplicated for example … and it's impossible to check csrf token because cookie is not sended by axios in server side. I find this ugly.

I tried cookiejar or this https://gist.github.com/nzvtrk/ebf494441e36200312faf82ce89de9f2 but it doesn't seem to work…or not compatible with nuxt/axios mobule anyway.

There is something that i haven't understand ?
How to "transport" cookie of one request to another request server side with axios ?
Thanks for your help

0
Informations
Feature RequestOpen
#c131 - Created a year ago