I have a NodeJS express application. I am using express-session and passport to manage cookies/authentication. I am hosting my application on Google Cloud Platform's App Engine. I have setup my server to run on a custom domain. When I use the appspot HTTPS URL, everything works fine. But when I use my custom URL the cookies are not set by the backend. I am using Cloudflare Flexible HTTPS to get a SSL on my custom domain.
Asked
Active
Viewed 9 times
1 Answers
0
The issue is that the CNAME DNS record on Cloudflare was set to "Proxy" and therefore google was unable to verify that the request was coming from an HTTPS URL, and therefore set the x-forwarded-proto header to HTTP causing express session to not set the cookie.
SamB
- 2,621
- 4
- 34
- 39