Hi <@498057949541826571> Somehow the frontend SDK...
# support-questions-legacy
a
Hi @rp_st Somehow the frontend SDK doesn't set interceptors on fetch and doesn't pass the session data when making requests. Our core is set at `identity.<domain>.com` and our microservices at `<microservice_name>.<domain>.com`. When calling `<microservice_name>.<domain>.com` it returns a 401 because we can get the logged in user roles. Also when inspecting the request going out of the browser, no supertokens headers or cookies are being sent
r
hey @aquamarine2620 can you enable frontend debug logs and show the output when the API call is made?
a
sure I got that
com.supertokens {t: "2023-09-20T12:55:27.023Z", message: "doRequest: start of fetch interception", supertokens-website-ver: "17.0.2"}
com.supertokens {t: "2023-09-20T12:55:27.024Z", message: "shouldDoInterceptionBasedOnUrl: toCheckUrl: http://order.localhost:8081/save_shipping apiDomain: http://identity.localhost:8081 sessionTokenBackendDomain: undefined", supertokens-website-ver: "17.0.2"}
com.supertokens {t: "2023-09-20T12:55:27.024Z", message: "doRequest: Value of doNotDoInterception: true", supertokens-website-ver: "17.0.2"}
com.supertokens {t: "2023-09-20T12:55:27.024Z", message: "doRequest: Returning without interception", supertokens-website-ver: "17.0.2"}
r
right. The issue is that your apiDomain is set to identify.localhost... but you are querying order.localhost..
a
yea because the core is under identity.
but we have many apis
that uses a different subdomain
r
if you want to enable session sharing across multiple api domains, see this: https://supertokens.com/docs/session/common-customizations/sessions/multiple-api-endpoints
a
okay thanks ima check that
Hi @rp_st
Coming back to you about this
Even after following the doc and putting the correct domains on the inits it still doesn't work
When I inspect the cookies on the frontend, the domain appears to stay the same
the core is located at identity.gamingrent.local, and the cookie always had this domain value regardless of the value of cookieDomain
r
the cookie domain should be `.gamingrent.local` and not `gamingrent.local`. Make sure that you have correctly set the values. If you think you have, can you share the frontend and backend session.init?
a
Yes I have, Frontend:
recipeList: [
    Session.init({
      sessionTokenBackendDomain: ".gamingrent.com"
    }),
    EmailPassword.init(),
  ],
Backend of core (identity.gamingrent.com) :
recipeList: [
    Session.init({
      cookieDomain: `.${process.env.CLUSTER_HOST}`, // <= CLUSTER_HOST = gamingrent.com
      getTokenTransferMethod: () => 'cookie',
Backend (order.gamingrent.com) :
recipeList: [
    UserRoles.init(), // RBAC
    Session.init({ cookieDomain: `.${process.env.CLUSTER_HOST ?? ''}` }), // Same
127.0.0.1 is redirected to gamingrent.com with the hostfile on mac so everything is under gamingrent.com
r
The value on the backend for cookieDomain should be `.gamingrent.com` and not `gamingrent.com`
a
it is
r
the code above says it is `gamingrent.com`.
a
see the dot in front
r
there is a missing `.`
oh right
ok
a
CLUSTER_HOST is equal to gamingrent.com but string interpolation makes .gamingrent.com
r
do you also have multiple frontend domains which are sub domains?
a
no
frontend is at gamingrent.com
every api is under .gamingrent.com
r
ok
a
well technically the frontend is at gamingrent.com:3000
r
so what is happening exactly? When you make an API call, it returns a 401?
a
when on local
yes so we log in on the frontend, everything is good but when making a subsequent request to say order.gamingrent.com no cookie is being sent
So our microservice cannot get the roles for the user
r
right. Can i see the network request headers?
a
yes
gimme a sec
r
are you manually setting the credentials header when making the request?
I mean the `credentials: include` header
a
no
r
are these all of the request headers?
a
the request is made like this
const handleSubmit = () => {
    fetch(`${process.env.REACT_APP_RENT_API_BASE_URL}/save_shipping`, {
      method: 'POST'
    })
      .then(res => res.json())
  }
r
can i see the sign in response headers?
a
we don't even send the data currently it's not reaching the controller because the middleware cannot get the current user and the permissions
r
can i see the sign in response headers?
a
the cookie domain is correct
r
right. When you hover on the orange triangle on the right of the set-cookie, what does it say?
a
OH
It's in french
but basically
it says that it's not taken into account because it's a secure cookie
And in local we use http
Is there a way to allow cookies for http for development ?
cookieSecure: true
in this init I guess ?
r
right
so you can't use http with cookies
browsers won't allow it
you need to somehow setup https.
a
I managed to make it work
By setting `cookieSecure: false` on the session init
Everything works fine 🙂
r
oh! okay! I misremembered then.
Cool!
Thanks !