Web Inspector shows no trace of HttpOnly Cookies

My current project involves implementing user authentication for a website using the MERN stack, and I have opted to utilize JWT tokens stored as HttpOnly cookies. Interestingly, when I made the request via Postman, the cookie was sent in the "Set-Cookie" field in the response header but not in the Safari Web Inspector, as depicted in the image below. The storage tab also showed no signs of any cookies.

https://i.sstatic.net/5bplK.png

To simplify the debugging process, I have reduced my React login form to just a button that submits the user's username and password:

import React from "react";

// Code for sending the request...

export default test;

In the backend, where all incoming requests are initially handled, this is my index.js setup:

// Code block for setting up express and handling API routes...

app.use("/api/user", userRoutes);

The middleware that the login request goes through looks like this:

// Middleware code for logging in users...

Additional Details

In the login middleware, a boolean value for validCredentials is set and returned to the client successfully. Based on my observations, it doesn't seem to be a CORS issue as I could retrieve this value on the front end without any errors. Additionally, other API requests on the webpage that don't involve cookies function correctly.

Interestingly enough, despite using identical data for both Postman and the React code, the evaluation of validCredentials differs between the two. This raises questions about why the behavior changes once cookies are introduced.

If you have any insights or suggestions on where the problem might lie or how I can address it, I would greatly appreciate your input. As a beginner in web development, I am eager to learn and improve.

EDIT

Following dave's answer, I can now receive the "Set-Cookie" header on the frontend. However, it still does not show up in the Storage tab within the web inspector for reasons unknown.

This is the response header:

https://i.sstatic.net/wYE0G.png

And here is the Storage tab where site cookies usually appear:

https://i.sstatic.net/bpZuW.png

javascriptcookiescross-domainbackendhttponly

Answer №1

If you need to make a request in JSON format, ensure to specify the content type header and use JSON.stringify on the object:

response = await fetch("http://localhost:5000/api/user/login", {
  method: "POST",
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ username: "Joshua", password: "qwerty" }),
  mode: "cors",
  // include cookies/ authorization headers
  credentials: "include",
});

Currently, it seems like you are receiving something similar to

existingUser = User.findOne({ username: undefined})

So, when you have:

if (!existingUser) {
    validCredentials = false;
} else { /* ... */ }

You are triggering the validCredentials = false section, while setting the cookie in the other section.

Answer №2

The visibility of the content is hindered due to the fact that you have set it as an httpOnly cookie.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

What is the process for deleting certain code from a main component within a React webpage without altering the main component itself?

I have a main component named Layout.jsx that includes the essential elements for the website such as the navigation bar and meta tags. It also contains a Google tag to track analytics across the entire site. Now, I have a specific webpage for Google Ads w ...

javascriptreactjsgoogle-tag-managergoogle-tag-manager-server-side

Is it time to refresh the sibling element when it's selected, or is there

I have recently started working with react and TypeScript, and I am facing some challenges. My current task involves modifying the functionality to display subscriptions and transactions on separate pages instead of together on the same page. I want to sh ...

javascriptreactjstypescript

What is the best method for updating the .value property within an AngularJS controller?

I managed to successfully pass a value from one AngularJS module to another using the .value method. Here is an example of it working: var app = angular.module('app', []); app.value('movieTitle', 'The Matrix'); var app1 =ang ...

javascriptangularjsangularjs-directiveangularjs-scope

Utilizing Selenium to locate an element by its class name and then deleting it from the document object model through

I have found a code that worked really well for me. It involves getting the quantity of messages first and then removing them from the DOM. public static void RemoveMessages() { // Removing messages from the DOM using JavaScript ...

javascriptc#seleniumdom

Preventing redirection post-AJAX call using jQuery

Currently, I am attempting to implement a basic form submission using AJAX to send data to submit.php for database storage. However, upon submission, the page redirects to submit.php instead of staying on the current page. How can I make it submit without ...

javascriptphpjqueryajaxforms

AngularJS: Ensuring Controller Functions are Executed Post AJAX Call Completion via Service

Here's the code snippet I have in my service. this.loginUser = function(checkUser) { Parse.User.logIn(checkUser.username, checkUser.password, { success: function(user) { $rootScope.$apply(function (){ $rootScop ...

javascriptjqueryajaxangularjsxmlhttprequest

Escaping double quotes in dynamic string content in Javascript can prevent unexpected identifier errors

Need help with binding the login user's name from a portal to a JavaScript variable. The user's name sometimes contains either single or double quotes. I am facing an issue where my JavaScript code is unable to read strings with double quotes. ...

javascriptjqueryangular

Checking the size of an HTML numerical input field?

When creating a form that accepts numbers, there may be a specific element, such as a phone number input named phNo, that needs to be exactly 7 digits long. To achieve this validation using JavaScript, the approach is: If the length of the element is not ...

javascripthtml

MongoDB: Group Documents by Calendar Week and Year, then Sum the Values of a single field

{ "GU" : "Person2", "CW" : 2, "Year" : 2015, "_id" : "01" }, { "GU" : "Person2", "CW" : 2, "Year" : 2015, "_id" : "02" }, { "GU" : "Person1", "CW" : 2, "Year" : 2015, "_id" : "03" }, { "GU" : "Person1", ...

javascriptmongodbmeteormongodb-query

JavaScript Restful Framework

My upcoming project involves creating a complex web application using JavaScript. I've decided to utilize CanJS for organizing the client-side elements. I'm leaning towards using Node.js for the server-side portion, but I'm unsure of the be ...

javascriptnode.jsrestexpressjavascriptmvc

Utilizing DataAnnotations in WebApi to Enhance Json Results

While utilizing ASP.NET WebApi to send results in JSON format, is it possible to include Data Annotations on the Model - ModelMetadata? For instance, attributes like DisplayName, ShowInEdit, ShowInDisplay, and other custom attributes along with Fieldname a ...

c#javascriptjqueryasp.net-mvcasp.net-web-api

Create a dropdown menu with Bootstrap 4 that pushes a popup below the navigation bar

I've incorporated a drop-down menu into my Bootstrap 4 navbar, but I'm facing an issue with its positioning. Instead of having the drop-down menu appear below the navbar as intended, it shows up somewhere else due to the default top attribute val ...

javascripthtmlcsstwitter-bootstrapbootstrap-4

Executing file upload in parent component with Angular 2

Is there a way to initiate a file upload from the parent component of the router? Specifically, I need to execute two functions located in the parent component - openFileSelect and uploadSelectedFile to manage the <input type="file"> element. This i ...

javascriptangularangular2-routing

AngularJS users are experiencing issues with the "See More" feature not functioning as expected

One of my tasks involves dealing with a block of text that needs to be truncated using ellipsis. To achieve this, I am utilizing jquery dotdotdot. For more information on dotdotdot, please refer to the documentation. I have created a straightforward dire ...

javascriptcssangularjsdotdotdot

I am interested in organizing a three-dimensional array using JavaScript

Just the other day, I posted a question on PHP, but now I need similar help for JavaScript. Here is my array : var inboxMessages = { 105775: { 0: { 'id': 85, 'thread_id': 105775, ' ...

javascriptarrayssorting

Store the ID of a div in a variable

Currently, I have transformed rock paper scissors from a terminal/console game using prompts and alerts to something playable in a web browser through the use of the jQuery library. In order to achieve this transition, I created images for each hand - roc ...

javascriptjqueryhtml

A guide to defining a color variable in React JS

I am trying to use a random color generated from an array to style various elements in my design. Specifically, I want to apply this color to certain elements but am unsure how to do so. For example, I know how to make a heading red like this: const elem ...

javascripthtmlcssreactjssaas

Generating JSON using Node.js

Currently, I am working on pushing names to a JSON file. The code snippet I have tried is: socket.on('create json', function(data){ var data = JSON.stringify(Data, null, 2); fs.writeFile('participants.json', data) console.l ...

javascriptjsonnode.jssocket.io

file paths starting with a specific drive letter (C:...) for the script tag

Is there a way to reference a Javascript file stored on the host's file system in a non-relative manner, specifically when working on a strictly local site without a web server (only on Windows hosts)? The following method works for Chrome and Firefo ...

javascripthtmlinternet-explorerinternet-explorer-11file-uri

Gatsby: A guide on inserting unadulterated HTML within the head section

Is it possible to insert raw HTML into the <head></head> section of every page in a Gatsby.js project? I need to add a string of HTML for tracking purposes, including inline and external script tags, link tags, and meta tags. For example, here ...

javascripthtmlreactjsgatsbytracking