Cookies not added to requests under same domain #6533

Closed
richarddavenport opened this issue Sep 2, 2022 · 2 comments

@richarddavenport
Contributor

Describe the bug

I have an API under my domain and my site is also hosted under that domain. I use cookies for authentication and on the client side cookies work, but on server-side renders the cookies are stripped. I've tried several things to get around this, but I think this will require a code change. Hoping I'm just missing something!

Here's the breakdown:
API

https://api.subdomain.domain.com

Several SvelteKit sites hosted

https://site1.subdomain.domain.com
https://dev.site1.subdomain.domain.com
https://qat.site2.subdomain.domain.com

I use a cookie with the domain set as domain.com. In the browser it adds the leading period, so it's technically .domain.com, but the point is that every subdomain should receive the cookie.
I'm reading from here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_where_cookies_are_sent. From the docs:

if you set Domain=mozilla.org, cookies are available on subdomains like developer.mozilla.org.

The main chunk of code in the SvelteKit codebase I'm confused about is here: https://github.com/sveltejs/kit/blob/master/packages/kit/src/runtime/server/page/fetch.js#L155-L170.
Why is "same-origin" mentioned? I don't believe that is a good opinion.

I can submit a PR, but I would rather start a discussion.

Reproduction

This is a tough one to reproduce given the dependencies. If this is really required to help move this discussion along, I can get something going. However I don't know how helpful it actually would be.

Logs

No response

System Info

System:
    OS: macOS 12.3.1
    CPU: (12) x64 Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
    Memory: 34.07 MB / 16.00 GB
    Shell: 5.7.1 - /usr/local/bin/zsh
  Binaries:
    Node: 16.17.0 - /usr/local/bin/node
    Yarn: 1.22.15 - ~/.yarn/bin/yarn
    npm: 8.15.0 - /usr/local/bin/npm
    Watchman: 2022.07.04.00 - /usr/local/bin/watchman
  Browsers:
    Brave Browser: 104.1.42.97
    Chrome: 104.0.5112.101
    Firefox: 99.0.1
    Safari: 15.4

Severity

blocking all usage of SvelteKit

Additional Information

Not quite sure how to use cookies at this point. If this is how cookies will work, we have to abandon the way we've architected our authentication. But that begs the question... are we doing it wrong, or is SvelteKit's handling of cookies wrong?
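
The Domain-matching rule the post quotes from MDN, written out as an added example (not part of the original issue and not SvelteKit's code) to show what a server-side fetch would have to check before carrying the browser's cookies to another host. `COOKIE_DOMAIN`, `domainMatch` and `shouldForwardCookies` are hypothetical names, and the HTTPS-only rule for cross-origin targets is this example's own choice.

```javascript
// Added example, not SvelteKit code. COOKIE_DOMAIN is an assumed, operator-supplied
// value: the Cookie request header carries only name=value pairs, so the server
// never sees the Domain attribute the cookie was originally set with.
const COOKIE_DOMAIN = 'domain.com';

// RFC 6265 section 5.1.3 domain-match: identical host, or a suffix match that
// falls on a label boundary for a host that is not an IP address.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (h === d) return true;
  const isIp = /^[\d.]+$/.test(h) || h.includes(':');
  return !isIp && h.endsWith('.' + d);
}

// Decide whether a fetch made during a server-side render of pageUrl may carry
// the browser's Cookie header to targetUrl.
function shouldForwardCookies(pageUrl, targetUrl, cookieDomain = COOKIE_DOMAIN) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl, page); // resolves relative URLs against the page
  if (target.origin === page.origin) return true; // same-origin: always in scope
  // This example's choice: never send auth cookies cross-origin over plaintext.
  if (target.protocol !== 'https:') return false;
  return domainMatch(page.hostname, cookieDomain) &&
         domainMatch(target.hostname, cookieDomain);
}

// Constructed sample targets: the hosts from the post plus two lookalike hosts.
const page = 'https://site1.subdomain.domain.com/dashboard';
for (const target of [
  '/api/me',
  'https://api.subdomain.domain.com/me',
  'http://api.subdomain.domain.com/me',
  'https://notdomain.com/me',
  'https://domain.com.example.net/me',
]) {
  console.log(shouldForwardCookies(page, target) ? 'forward' : 'strip  ', target);
}
```

The two lookalike hosts are the reason the suffix comparison has to land on a label boundary: a plain `endsWith('domain.com')` would hand the session cookie to `notdomain.com`.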

@richarddavenport changed the title from "Cookies not being add to requests under same domain" to "Cookies not being added to requests under same domain" Sep 2, 2022
@richarddavenport changed the title from "Cookies not being added to requests under same domain" to "Cookies not added to requests under same domain" Sep 2, 2022
@Conduitry
Member

Duplicate of #4750.

@Conduitry closed this as not planned Sep 2, 2022
@richarddavenport
Contributor Author

@Conduitry Thanks! Sorry I missed that.
