You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have an api under my domain and my site is also hosted under that domain. I use cookies for authentication and on the client side cookies work, but on server side renders the cookies are stripped. I've tried several things at getting around this, but I think this will require a code change. Hoping I'm just missing something!
I can submit a PR, but I would rather start a discussion.
Reproduction
This is a tough one to reproduce given the dependencies. If this is really required to help move this discussion along, I can get something going. However I don't know how helpful it actually would be.
Not quite sure how to use cookies at this point. If this is how cookies will work, we have to abandon the way we've architected our authentication. But that begs the question... are we doing it wrong, or is SvelteKits handling of cookies wrong?
The text was updated successfully, but these errors were encountered:
richarddavenport
changed the title
Cookies not being add to requests under same domain
Cookies not being added to requests under same domain
Sep 2, 2022
richarddavenport
changed the title
Cookies not being added to requests under same domain
Cookies not added to requests under same domain
Sep 2, 2022
Describe the bug
I have an api under my domain and my site is also hosted under that domain. I use cookies for authentication and on the client side cookies work, but on server side renders the cookies are stripped. I've tried several things at getting around this, but I think this will require a code change. Hoping I'm just missing something!
Here's the breakdown:
Api
Several SvelteKit sites hosted
I use a cookie with the domain set as
domain.com
. In the browser it adds the leading period, so it's technically.domain.com
, but the point is that every sub domain should receive the cookie.I'm reading from here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_where_cookies_are_sent. From the docs:
The main chunk of code in the sveltekit codebase I'm confused on is here: https://github.com/sveltejs/kit/blob/master/packages/kit/src/runtime/server/page/fetch.js#L155-L170.
Why is "same-origin" mentioned? I don't believe that is a good opinion.
I can submit a PR, but I would rather start a discussion.
Reproduction
This is a tough one to reproduce given the dependencies. If this is really required to help move this discussion along, I can get something going. However I don't know how helpful it actually would be.
Logs
No response
System Info
System: OS: macOS 12.3.1 CPU: (12) x64 Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz Memory: 34.07 MB / 16.00 GB Shell: 5.7.1 - /usr/local/bin/zsh Binaries: Node: 16.17.0 - /usr/local/bin/node Yarn: 1.22.15 - ~/.yarn/bin/yarn npm: 8.15.0 - /usr/local/bin/npm Watchman: 2022.07.04.00 - /usr/local/bin/watchman Browsers: Brave Browser: 104.1.42.97 Chrome: 104.0.5112.101 Firefox: 99.0.1 Safari: 15.4
Severity
blocking all usage of SvelteKit
Additional Information
Not quite sure how to use cookies at this point. If this is how cookies will work, we have to abandon the way we've architected our authentication. But that begs the question... are we doing it wrong, or is SvelteKits handling of cookies wrong?
The text was updated successfully, but these errors were encountered: