-
Notifications
You must be signed in to change notification settings - Fork 674
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't access cookie on localhost inside app #2103
Comments
Hi @green-arrow
Did you write a |
@miherlosev - The |
Ok, I understand you. We need additional time to reproduce the problem. |
Thanks for looking into this! |
We found the problem looks like the one described above. |
Thanks for the investigation! I’ll close this issue since it’s tracked in the other repo. |
This thread has been automatically locked since it is closed and there has not been any recent activity. Please open a new issue for related bugs or feature requests. We recommend you ask TestCafe API, usage and configuration inquiries on StackOverflow. |
Are you requesting a feature or reporting a bug?
Bug
What is the current behavior?
Calling
document.cookie
returns an empty string within the application being tested.What is the expected behavior?
Calling
document.cookie
returns all cookies onlocalhost
.How would you reproduce the current behavior (if this is a bug)?
Our situation is a little unique in that we have our login page on a separate subdomain from the app we're testing. Upon logging in, the API returns an
XSRF-TOKEN
cookie set to the root domain (for this case,localhost
). The application then readsdocument.cookie
to inject the token into future request headers.Sample response header:
This works fine in our deployed environment, where we have
www.ourapp.com
andmy.ourapp.com
domains, and the cookie specifies.ourapp.com
as the domain for theXSRF-TOKEN
cookie. This only occurs on localhost. The two application run on separate ports on localhost, one on port 8080 and one on 3000.Specify your
Please let me know if you need any additional details. As a temporary measure we are disabling CSRF protection locally, but this is not a long term solution for us unfortunately.
Thanks!
The text was updated successfully, but these errors were encountered: