R
Railway5mo ago
Daniel Noworyta

SSL Secure Set-Cookie

Hi i have my API on api.danielnoworyta.com and my client on kursy.danielnoworyta.com My api suppose to give back set-cookie header when im hittinh /session-auth/sign-in but it's not My desired cookie option is: 
session({
          store: this.sessionService.redisStore,
          name: 'course_api',
          secret: this.configService.getOrThrow('passport.sessionSecret'),
          resave: false,
          saveUninitialized: false,
          cookie: {
            secure:
              this.configService.getOrThrow('environment') === 'production',
            httpOnly: true,
            sameSite: 'strict',
            domain:
              this.configService.getOrThrow('environment') === 'production'
                ? '.danielnoworyta.pl'
                : 'localhost',
            maxAge: 2 * 60 * 60 * 1000, // 2 hours
          },
        }),
session({
          store: this.sessionService.redisStore,
          name: 'course_api',
          secret: this.configService.getOrThrow('passport.sessionSecret'),
          resave: false,
          saveUninitialized: false,
          cookie: {
            secure:
              this.configService.getOrThrow('environment') === 'production',
            httpOnly: true,
            sameSite: 'strict',
            domain:
              this.configService.getOrThrow('environment') === 'production'
                ? '.danielnoworyta.pl'
                : 'localhost',
            maxAge: 2 * 60 * 60 * 1000, // 2 hours
          },
        }),
when i turn off secure all is working fine. I think there is problem with SSL cert. My domain is on Vercel currently any ideas how to solve this problem?
Solution:
look into trusting the proxy headers so that your app knows its running behind an https proxy, otherwise it thinks its running with only http and wont let you set the cookie
Jump to solution
5 Replies
Percy
Percy5mo ago
Project ID: 08d2e015-833f-4bf2-927a-9eff232fb9fa
Daniel Noworyta
Daniel Noworyta5mo ago
08d2e015-833f-4bf2-927a-9eff232fb9fa
Solution
Brody
Brody5mo ago
look into trusting the proxy headers so that your app knows its running behind an https proxy, otherwise it thinks its running with only http and wont let you set the cookie
Daniel Noworyta
Daniel Noworyta5mo ago
where i should do this? on railway itself? or settings on my api?
Brody
Brody5mo ago
in your code
Want results from more Discord servers?
Add your server
More Posts
Is there anything similar to AWS Secrets Manager here?Here at Railway, is there any solution similar to AWS Secrets Manager in which I can, through a connSleeping bug?It's saying it's been sleeping but no metrics show?My data disappeared during the migration. Help mePlease helpme to recupear dbRedeployI'm trying to redeploy but build failed. Do I need to copy log here or is there some way to access iHealthchecks not workingHi, no healthchecks are being send to my apps. I tried removing the healthcheck and everything worksPrivate network - cannot connect to postgresthe custom start command: `pnpx prisma migrate deploy` ```Error: P1001: Can't reach database serverHow can I periodically run a management command on railway?I need to cd into the project's folder, and then run ```python manage.py recurpayments```, but i cancannot deploy flask apiHey! I'm trying to deploy a flask API using railway but it's failing. My requirements.txt: ```Flaskapp has been crashed no one file change before startingapp has been crashed no one file change before starting Please check my website it will take 1 to 2app crashed- waiting for file change before startingapp crashed- waiting for file change before starting What error?