Safari blocks third-party cookies by default. In practice this means that if a page served from one domain calls an API on another domain and the API response carries a Set-Cookie header, Safari ignores that header and the cookie is never stored. Having this issue in my recent project, I had to come up with a workaround.

The workaround is a small proxy written in Node.js and served from the front end's own origin. It forwards requests to the API and rewrites the Domain attribute of every Set-Cookie header in the response: api.com -> frontend.com. To the browser the cookie is now a first-party cookie for frontend.com, so Safari stores it and sends it back to the proxy, which forwards it to the API. Two things to keep in mind: the rewritten Domain must still domain-match the host the proxy answers from (frontend.com or a subdomain of it), otherwise the browser discards the whole cookie, and every other attribute (Path, Expires, Secure, HttpOnly, SameSite) is passed through exactly as the API set it.

    const request = require('request');   // deprecated upstream, but what this proxy used
    const onHeaders = require('on-headers');

    // Forward req to the API gateway and rewrite the Domain attribute of every
    // Set-Cookie header in the upstream response before the browser sees it.
    function proxy(req, res, gatewayURL, reqHeaders, newCookieDomain) {
      onHeaders(res, function () {
        let allCookies = res.getHeader('set-cookie');
        if (!newCookieDomain || !allCookies) {
          return;
        }
        // Node returns a string when only one cookie was set; normalise to an array
        if (!Array.isArray(allCookies)) {
          allCookies = [allCookies];
        }
        allCookies = allCookies.map((cookie) => {
          // Attribute names are case-insensitive (RFC 6265) and the space after ';' is optional
          const regex = /(;\s*)Domain=[^;]*/gi;
          const subst = `$1Domain=${newCookieDomain}`;
          return cookie.replace(regex, subst);
        });
        res.setHeader('set-cookie', allCookies);
      });

      // request's pipe() copies the upstream status and headers (Set-Cookie included) onto res
      const stream = request({ url: gatewayURL, headers: reqHeaders });
      req.pipe(stream).pipe(res);
    }
