ERPNext.com Frappe Cloud Support Partners Foundation Frappe School

Frappe as backend - Cannot set cookies

Scenario

I’m using Frappe as Headless CMS and using React as a frontend.

Frappe Backend will be locate on ‘https://v13.testing.apps
React Frontend will be locate on ‘https://fe.testing.apps

Problems

I can’t get frontend to register cookies on the domain with out specify the domain name on cookies such as this.

Set-Cookie: sid=0347dfc3cdbdbbfb7abfce3b4cff9a3a0ec7da3b2934bc891a98ed3e; Domain=.testing.apps; Expires=Fri, 02-Apr-2021 15:09:36 GMT; Secure; HttpOnly; Path=/; SameSite=Lax

Without Domain=.testing.apps cookies will be set to backend domain and it won’t presist after reload page

Cookies will be save to storage only after I’ve add Domain=.testing.apps to set cookie response.

Things I’ve tried to fixed this problem

  • Set allow_cors on frappe site config "allow_cors": "https://fe.testing.apps:3000"
  • Add withCredentials: true to axios call
  • Set both frontend and backend to use SSL (I don’t think this is related, it just some thing I’ve tried before ended up adding domain to set-cookies)

Question

Should we add domain config to set cookies function on frappe ?

So that we can set cookies to another domain.
Or am I just mis-config something?

Proposal

Some thing like this to set cookies function on frappe.

Function will get cookies domain from site_config.json so that we will be able to set cookies on another subdomain.

self.cookies[key] = {
	"value": value,
	"expires": expires,
	"secure": secure,
	"httponly": httponly,
	"samesite": samesite,
	"domain": get_domain_name_from_site_config(),
}

Limitation, domain name set in site config must be parent domain for both Frontend and Backend or else it’ll end up causing error for backend.

Or we could add a function to check if request comes form CORS domain, if it is return cookie with that domain.

How did you set the domain in each of the cookies?