#Can't login, cookie not getting set

Hello, I have a problem with my railway deployement, my front has been successfully deployed on netlify and my back on railway, both are successfully linked and I can create an account, but my problem is that I can't login myself, I have a problem with my cookies, I suppose.
I had this error message :
Access to XMLHttpRequest at 'https://[my-back-url].adaptable.app/jwtid' from origin 'https://[my-front-url].netlify.app/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
until I put this cors option :

app.use((req, res, next) => {
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader(
"Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content, Accept, Content-Type, Authorization"
);
res.setHeader("Access-Control-Allow-Credentials", "true");
res.setHeader(
"Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, PATCH, OPTIONS"
);
next();
});

because just puting my front url didn't work, then I had to erase all my withcredentials : true from my front (because I had an error of incompatibility of "Access-Control-Allow-Origin : *" and credentials on true)

That was ok, no error message but I stilled can't login, the cookie doesn't appear...)

I've read that a custom domain could make it work, but I can't buy a domain for that (src : #1048780024691556372 message)

Can anyone help me ? Do anyone have already had this problem or have an idea to resolve it ?

(I'm french, so forgive my bad english 🤦‍♀️ )

Thanks for reading me and have a nice evening 😊 !

N/A

I forgot to mention that it's a MERN project and that I've already tried that :
res.cookie("jwt", token, { httpOnly: true, maxAge, sameSite: 'none', secure : true, domain : "https://[front-url].netlify.app" });
no result

very odd, i cant reproduce this using the echo framework for Go, but i can reproduce this using the express framework for nodejs

i will look into it

Thank you so much for looking into my problem ! 🥹

it is a code issue though just fyi

Can I send you my repo by MP ? I tried so many things since 2 weeks that I even know where is the problem

whats MP

private message

PM, sorry (in french it's inverted)

just hold on a sec

express is picky, remove the domain option from res.cookie function and try again

from my minimal test, cookies dont get set when a domain is specified in the options, remove the domain option and cookie gets set

The domain option is one of the last things I've tried, so even before, it didn't work, but I can try it again !

this might have something to do with railway not providing a host header so express cant verify the domain and fails to set a cookie when a domain is set in the options, but thats just speculation on my part

https://testing-service.up.railway.app/

jwt cookie does get set, thats using express without specifying domain

So I should remove all that code :

app.use((req, res, next) => { res.setHeader("Access-Control-Allow-Origin", "*"); res.setHeader( "Access-Control-Allow-Headers", "Origin, X-Requested-With, Content, Accept, Content-Type, Authorization" ); //autorisation d'ajouter les headers mentionnés aux requêtes envoyées vers notre API (Origin , X-Requested-With , etc.) ; res.setHeader("Access-Control-Allow-Credentials", "true"); res.setHeader( "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, PATCH, OPTIONS" ); next(); });
?

i didnt say that

but you would need to set some of that stuff correctly, "" isn't a valid header

There is a * between the "" to allow anyone (the copy paste removed it, I think)

Use code formatting next time

I tried but with line breaks it didn't work anymore 🤔

Have you removed the domain setting from the options

Ah, it worked, sorry !

Yes, it on deploying

Okay now just make sure you setup the cors headers correctly, using a wildcard is not something you want to do in production

In cors option (allowedOrigins) or in app.use res.setHeaders (Access-Control-Allow-Origin) ?

That would be a question for some tutorials

I tried both of them, it didn't work 😕

You'll get it

After 2 weeks of trying, I'm starting to run out of ideas, I've come to the point of consulting chatGPT, that's to say!

I've seen someone else have success with that, and for a much more complex problem, so give it a try, but as it stands this isnt really pertaining to railway anymore so good luck! 🙂