Really struggling on getting a Fetch API call to send cookies along in the request headers in Chrome (also they are not being set from 'Set-Cookie' response headers from returned API responses in Chrome). Both however, work on Firefox.
Feel like I've tried a million solutions here, can someone explain what I'm guessing is the SameSite issues for Chrome?
Our base api URL is https://stage-api-v2.cbb.play
Aliased hosts file for localhost:
127.0.0.1 localhost
127.0.0.1 local.cbb.play
Cookie that is set that we are trying to forward along
import * as cookie from 'cookie';
import { NextApiRequest, NextApiResponse } from 'next';
export default (req: NextApiRequest, res: NextApiResponse) => {
res.setHeader(
'Set-Cookie',
cookie.serialize('refresh_token', req.body.token, {
httpOnly: true,
maxAge: 60 * 60,
secure: process.env.NODE_ENV === 'production',
path: '/',
sameSite: 'lax',
domain: '.cbb.play',
})
);
res.statusCode = 200;
res.json({ success: true });
};
Front end code that calls the API:
async function renewSession(payload) {
return await fetch(process.env.BASE_URL + '/api/user/renew-session', {
method: 'POST',
credentials: 'include',
headers: { 'Content-type': 'application/json' },
body: JSON.stringify(payload)
})
}
Request header in Firefox:
POST /api/user/renew-session HTTP/2
Host: stage-api-v2.cbb.play
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0
Accept: application/json
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: http://local.cbb.play:3000/
Content-Type: application/json
Origin: http://local.cbb.play:3000
Connection: keep-alive
Cookie: refresh_token=a49d51basasdfg4a569cc43b8603ac916f72c0102ace7b463d9c2;
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: Trailers
Request Header in Chrome (no cookie):
:authority: stage-api-v2.cbb.play
:method: POST
:path: /api/user/renew-session
:scheme: https
accept: application/json
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
content-length: 0
content-type: application/json
origin: http://local.cbb.play:3000
pragma: no-cache
referer: http://local.cbb.play:3000
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
sec-ch-ua-mobile: ?0
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Response Header: (Note, removed non-important properties)
access-control-allow-credentials: true
access-control-allow-headers: Set-Cookie, Credentials, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
access-control-allow-methods: GET, HEAD, OPTIONS, POST, PUT, DELETE
access-control-allow-origin:http://local.cbb.play:3000
access-control-expose-headers: Content-Length,Content-Range,Set-cookie
content-encoding: gzip
content-type: application/json
I make an Ajax Post and get the following error:
414 Request-URI Too Large
Why is the data still sent over the URL and not only in the body?
In Chrome is see param1 data in the request URL, query string parameters and in request payload, how to remove it from the URL?
routes = JSON.stringify(routes);
$.ajax({
type: "POST",
url: "http://127.0.0.1:3000/s",
data: {
param1: routes
},
success: function(data) {
$('div.home-products').html(
data);
}
});
This is the full routes object after stringify:
{"0":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":-19.9245,"lng":-43.93520000000001}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":54},"1":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":52.52,"lng":13.404999999999973}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":53},"2":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":44.7866,"lng":20.44889999999998}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":52},"3":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":37.9838,"lng":23.727499999999964}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":51},"4":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":40.8518,"lng":14.268100000000004}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":50},"5":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.0527,"lng":12.224500000000035}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":49},"6":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.8566,"lng":2.3522199999999884}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":48},"7":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":51.0504,"lng":13.737300000000005}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":47},"8":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":46},"9":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":44}}
This the Chrome network
Request URL: http://127.0.0.1:3000/en/s?param1=%7B%220%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A-19.9245%2C%22lng%22%3A-43.93520000000001%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A54%7D%2C%221%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A52.52%2C%22lng%22%3A13.404999999999973%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A53%7D%2C%222%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A44.7866%2C%22lng%22%3A20.44889999999998%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A52%7D%2C%223%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A37.9838%2C%22lng%22%3A23.727499999999964%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A51%7D%2C%224%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.8518%2C%22lng%22%3A14.268100000000004%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A50%7D%2C%225%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A48.0527%2C%22lng%22%3A12.224500000000035%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A49%7D%2C%226%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A48.8566%2C%22lng%22%3A2.3522199999999884%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A48%7D%2C%227%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A51.0504%2C%22lng%22%3A13.737300000000005%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A47%7D%2C%228%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A49.7764%2C%22lng%22%3A12.091699999999946%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A46%7D%2C%229%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A49.7764%2C%22lng%22%3A12.091699999999946%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A44%7D%7D&view=grid
Request Method: POST
Status Code: 414 Request-URI Too Large
Remote Address: 127.0.0.1:3000
Referrer Policy: no-referrer-when-downgrade
Response Headersview source
Connection: close
Content-Length: 331
Content-Type: text/html; charset=ISO-8859-1
Date: Mon, 09 Apr 2018 18:40:48 GMT
Server: WEBrick/1.3.1 (Ruby/2.3.4/2017-03-30)
Request Headersview source
Accept: /
Accept-Encoding: gzip, deflate, br
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7,pt-BR;q=0.6,pt;q=0.5
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 4338
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: _st_session=SkhkUk1HSHhSS1liRXVZbmZBZUcxcE1IZkhVcTNpYkFrWnNWbE5TaFY4b295c0RIVlJMQ09EbFVhQnJvWXA5OW5QeGY4dEhnREpUN09rZUR3eDVOM1UyWWRxcUllN3E2azM2TE0zakttbnZENzRmRU5lWGRHN0ZaNFh6c1MrVzBZd1R1Q1lDeGNGb1Z5M0ZGZ1hncTlUZG9kMnFHdUFuNXg4R01pckR3dHFhYzhtb0l2VW0rWWZwUVV2UGJ1bXQrWE1OVGhDREpTellKV3VKaDVEQnZNQ0FmYkRmL3BoZjVwUG8vNmRucnpuOG9jOUhXUnpWS2dCeC9NUWx0Y2ZNcmtuMDludWhybmxBUTAxNjhPNi95U2c9PS0tV2VqeWNBV3k1d1VrNDBnMEwxa0Z6Zz09--76684486bfaa221829f7d6c7f99d1833550ef865
Host: 127.0.0.1:3000
Origin: http://127.0.0.1:3000
Pragma: no-cache
Referer: http://127.0.0.1:3000/s?view=grid
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
X-CSRF-Token: rlyweDRRbVWVz+TC3MW+roDh2N9WFoAfAPT5oiC+k6LfCgMx4N4zbpfRP98UUT9H2y55Fzco9pI3MQjkuqkPng==
X-Requested-With: XMLHttpRequest
Query String Parametersview source
view URL encoded
param1: {"0":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":-19.9245,"lng":-43.93520000000001}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":54},"1":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":52.52,"lng":13.404999999999973}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":53},"2":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":44.7866,"lng":20.44889999999998}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":52},"3":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":37.9838,"lng":23.727499999999964}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":51},"4":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":40.8518,"lng":14.268100000000004}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":50},"5":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.0527,"lng":12.224500000000035}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":49},"6":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.8566,"lng":2.3522199999999884}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":48},"7":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":51.0504,"lng":13.737300000000005}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":47},"8":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":46},"9":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":44}}
view: grid
Form Dataview source
view URL encoded
param1: {"0":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":-19.9245,"lng":-43.93520000000001}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":54},"1":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":52.52,"lng":13.404999999999973}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":53},"2":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":44.7866,"lng":20.44889999999998}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":52},"3":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":37.9838,"lng":23.727499999999964}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":51},"4":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":40.8518,"lng":14.268100000000004}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":50},"5":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.0527,"lng":12.224500000000035}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":49},"6":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.8566,"lng":2.3522199999999884}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":48},"7":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":51.0504,"lng":13.737300000000005}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":47},"8":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":46},"9":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":44}}
view: grid
This is just a wild guess, but see if this helps:
url: window.location.href.replace(/\?.*$/, ''),
You definitely don't need to be passing along the get parameters that are in your href value, and this will strip them off. Perhaps the presence of any get parameters, even if it's just view-grid causes ajax to send your POST parameters as query parameters as well.
It turned out to be the missing contentType: "json", option.