Does Nordcraft block the Cookie header?
My backend sets http -only cookies via a Set -Cookie header . These are saved correctly in the browser as long as I do not use proxied API requests (which I don 't intend ) . But when I execute API calls from Nordcraft , the Cookie header is not included . Are credentials not included in HTTP request in Nordcraft by default ? Can we include them ? I 've set it to none as lax and strict where neither working . I tried to add a 'Cookie ' header to the API request in the nordcraft editor , but it is not part of the request at all . Can you confirm if requests from Nordcraft include credentials : 'include ' ? Or should I look for a solution in how SameSite or CORS is configured on my end ? For some context : I am setting up Cloudflare as a reverse proxy to prevent our database from being exposed and to enable us to make the same endpoints publicly available for developers that want to connect with our system , while we use the same endpoints on our front -end . And proxy chaining visitors trough the NC proxy and then through our own proxy is an invite to latency and inefficiency . So we are bound to set up custom authentication flow , as I understand it , which is where i am at now . Can you check the dev tools and see if the cookie is being sent ? Maybe this sheds some light on the case . There is no SSR or proxy enabled , the Nordcraft extension is also disabled . When I receive a response from the backend with a Set -Cookie header , these cookies are not saved . (only when I directly visit the API URL ) . But even when the cookie is set in the browser that way , it is not included in other requests to the backend because the Cookie header seems to be omitted . That is why i think "credentials : include " is not configured . But if I fetch with this action , the cookie is set as expected (but again , not sent for Nordcraft initiated API requests ) : / * * * @param {Args } args * @param {Ctx } ctx * / function callFetch (args , ctx ) { fetch ( ' https://cookiecall/getcookie ' , { method : 'GET ' , credentials : 'include ' , / / Required for cookie to be stored } ) .then (res = > res .json ( ) ) .then (data = > { console .log ( ' R e s p o n s e : ' , data ) ; } ) .catch (err = > { console .error ( 'Fetch e r r o r : ' , err ) ; } ) ; }
.jpeg/public)