I have a full-stack application divided into 2 apps: front-end and back-end. The front-end is a React app running under a web dev server. The back-end is a Flask app working as a RESTful API. I implemented JWT on the back-end and wonder if I can store JWT access and refresh tokens in cookies. I found the usual implementation doesn't work (I mean JWT_TOKEN_LOCATION = 'cookies' and set_access_cookies()) - I don't see any cookies attached. Is that because the 2 apps are working on different domains? Is that even possible or not?
Is it possible to send JWT tokens if the front-end is hosted on one domain and the back-end on another one?
1 Answer
1
Set SameSite=Lax and cookie_domain=".xyz.com". But remember that for development you will have to change the alias for localhost. Let's say your frontend is on frontend.xyz.com and your backend is on backend.xyz.com; then add local.xyz.com as an alias for your localhost to get the configuration to work in a development environment.
You can do so by editing /etc/hosts on Linux and Unix-based systems; for Windows, you can google it.

Amrish Mishra
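A simplified model of the browser's cookie decisions behind this answer, added here as an illustration and not code from the question or the answer. It assumes the registrable domain is the last two labels of the host (true for xyz.com; browsers use the Public Suffix List), and all function names are hypothetical.

```python
# Simplified model: RFC 6265 domain matching plus the SameSite rule.
# Assumption: registrable domain = last two labels of the host name.

def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: host equals the cookie domain or is a subdomain of it."""
    d = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == d or host.endswith("." + d)

def site(host):
    """Registrable domain used for same-site comparison (assumed: last two labels)."""
    return ".".join(host.lower().split(".")[-2:])

def browser_stores(responding_host, cookie_domain):
    """A Set-Cookie is rejected when its Domain does not cover the responding host."""
    return domain_match(responding_host, cookie_domain)

def browser_sends(page_host, api_host, cookie_domain, samesite="Lax",
                  top_level_get=False):
    """Would a request from a page on page_host to api_host carry the cookie?"""
    if not domain_match(api_host, cookie_domain):
        return False
    same_site = site(page_host) == site(api_host)
    if samesite == "Strict":
        return same_site
    if samesite == "Lax":
        # Cross-site requests carry Lax cookies only on top-level GET navigation,
        # which an XHR/fetch call from a React app is not.
        return same_site or top_level_get
    return True  # SameSite=None

def scenarios(cookie_domain=".xyz.com"):
    """Constructed cases using the host names from the answer."""
    return {
        "prod: frontend.xyz.com -> backend.xyz.com":
            browser_stores("backend.xyz.com", cookie_domain)
            and browser_sends("frontend.xyz.com", "backend.xyz.com", cookie_domain),
        "dev: everything on localhost":
            browser_stores("localhost", cookie_domain),
        "dev: everything on local.xyz.com alias":
            browser_stores("local.xyz.com", cookie_domain)
            and browser_sends("local.xyz.com", "local.xyz.com", cookie_domain),
        "page on localhost -> backend.xyz.com":
            browser_sends("localhost", "backend.xyz.com", cookie_domain),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'cookie works' if ok else 'cookie dropped':15} {name}")
```

The model covers cookie scoping only; a cross-origin fetch must also be made with credentials enabled before the browser stores or attaches cookies at all.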