2

My API (Actix-web Rust) is hosted on render.com and my frontend (Vue 3 app) on vercel.com. When I log in, my API send a cookie with SameSite=None, Secure=true and domain render.com. But when I refresh or leave the page, the cookie is lost.

Is it a normal behavior? How avoid loosing my cross domain cookie on page reload?

Ershetz
  • 35
  • 4
  • I had [an issue](https://stackoverflow.com/questions/72531660/cookies-getting-deleted-after-automatic-redirect) similar to this where I never found out *why* it broke, but replacing my `fetch` calls with [`axios`](https://axios-http.com/) calls fixed it... – Jeremy Meadows Jul 07 '22 at 12:14

1 Answers1

2

I think you need to make sure the domain you set for the cookie is correct.

Sites deployed on Render get an .onrender.com subdomain by default (not .render.com, and you can add a custom domain if you want. Make sure you're setting the cookie domain to your backend API domain.

crcastle
  • 630
  • 5
  • 8
  • I changed the cookie domain to match the frontend domain, but Google Chrome refuses to set the cookie. Attached is the link to a screenshot of the error. https://ibb.co/zQ184tP – Ershetz Jul 07 '22 at 09:30
  • 1
    Sorry about that, @Ershetz. I believe you were correct in setting the cookie to the domain of the API. I'm not sure why this you are losing the cookie when you leave the page. Might it require different CORS headers? – crcastle Jul 08 '22 at 00:51
  • I already setup my API CORS policy as "permissive" https://docs.rs/actix-cors/latest/actix_cors/struct.Cors.html#method.permissive – Ershetz Jul 08 '22 at 13:01