JWT cookie from Django backend not working after deploy

I have written a web app; the backend is in Django using django_rest_framework utils and the frontend is in React.js. Authentication is based on a JWT token stored in cookies and localStorage.

It was working fine when both sides were on localhost, but after I deployed the frontend and backend on the remote server, Django cannot set a cookie on the frontend domain.

Here's my code from LoginView in Django:

```python
import datetime

import jwt
from django.contrib.auth import authenticate
from django.http import JsonResponse
from rest_framework.response import Response
from rest_framework.views import APIView


class LoginView(APIView):
    def post(self, request):
        username = request.data['login']
        password = request.data['password']

        user = authenticate(username=username, password=password)

        if user is not None:
            payload = {
                'id': user.id,
                'username': user.username,
                'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=3600),
                'iat': datetime.datetime.utcnow()
            }

            # HS256 with the hard-coded key 'secret', as posted
            token = jwt.encode(payload, 'secret', algorithm='HS256')

            response = Response()

            # Only httponly is given; no samesite, secure, domain or path attributes are set here
            response.set_cookie(key='jwt', value=token, httponly=False)

            response.data = {
                'jwt': token,
                'username': user.username,
                'userId': user.id
            }

            return response

        response = JsonResponse({"message": "An issue occurred during the authentication process."})
        response.status_code = 500

        return response
```

settings.py

```python
from corsheaders.defaults import default_headers

# CORS_ORIGIN_WHITELIST is the older django-cors-headers name for CORS_ALLOWED_ORIGINS
CORS_ORIGIN_WHITELIST = [
    ...
    'https://<MY FRONTEND>.azurewebsites.net'
    ...
]

CSRF_TRUSTED_ORIGINS = [
    ...
    "https://<MY FRONTEND>.azurewebsites.net"
]

CORS_ALLOWED_ORIGINS = [
    ...
    "https://<MY FRONTEND>.azurewebsites.net"
]

CORS_ALLOW_CREDENTIALS = True

CSRF_USE_SESSIONS = False
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False
CSRF_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_DOMAIN = '.azurewebsites.net'

CORS_ALLOW_HEADERS = list(default_headers) + ['Set-Cookie']
```

After logging in on my frontend app, I cannot see a cookie with a JWT token.

NOTE: I observed that there's no problem if I try to log in with Thunder Client.

What can be wrong?

I believed it was a same-site cookie issue; I tried every option to set this on my new, deployed frontend domain, but it is not working.
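An added example, not part of the question or of the poster's Django project: a small checker that applies the rules a browser uses for a cookie arriving in a response to a cross-site request (no SameSite attribute is treated as Lax; SameSite=None requires Secure; Secure is refused over plain HTTP; a Domain on a public suffix is refused), plus a builder for the Set-Cookie header a cross-site login view would need. The `PUBLIC_SUFFIXES` set is a constructed stand-in for a real Public Suffix List lookup (azurewebsites.net really is on that list), and the sample headers in the docstrings are constructed. The Django equivalent of `login_cookie` is `response.set_cookie(name, token, max_age=..., httponly=True, secure=True, samesite='None')`.

```python
"""Cross-site cookie checker and builder (added example, not the question's code)."""
from __future__ import annotations

# Constructed, partial stand-in for the Public Suffix List. Browsers refuse a
# Domain attribute that names a public suffix, so Domain=.azurewebsites.net never works.
PUBLIC_SUFFIXES = {"azurewebsites.net", "herokuapp.com", "github.io"}


def parse_set_cookie(header: str) -> tuple[str, str, dict[str, str | None]]:
    """Split a Set-Cookie header into (name, value, {attribute_lowercase: value_or_None}).

    e.g. "jwt=abc; Path=/; HttpOnly" -> ("jwt", "abc", {"path": "/", "httponly": None})
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict[str, str | None] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return name.strip(), value, attrs


def cross_site_cookie_problems(header: str, *, over_https: bool = True) -> list[str]:
    """Explain why a browser would drop, or later refuse to send, this cookie when the
    response came from a different site than the page that issued the fetch.

    An empty list means the cookie is stored and attached to later requests made
    with credentials: 'include'. The HttpOnly entry is a warning, not a blocker.
    """
    _name, _value, attrs = parse_set_cookie(header)
    problems: list[str] = []
    samesite = (attrs.get("samesite") or "").lower()
    secure = "secure" in attrs

    if secure and not over_https:
        problems.append("Secure attribute on a non-HTTPS response: cookie rejected")

    if samesite == "none" and not secure:
        problems.append("SameSite=None without Secure: cookie rejected")
    elif samesite in ("lax", "strict"):
        problems.append(f"SameSite={samesite.capitalize()}: not stored or sent in a cross-site context")
    elif samesite == "":
        problems.append("no SameSite attribute: treated as Lax by default, so blocked cross-site")

    domain = (attrs.get("domain") or "").lstrip(".").lower()
    if domain in PUBLIC_SUFFIXES:
        problems.append(f"Domain={domain} is a public suffix: cookie rejected")

    if "httponly" not in attrs:
        problems.append("no HttpOnly: token readable by any script on the frontend (warning)")
    return problems


def login_cookie(token: str, name: str = "jwt", max_age: int = 3600 * 60) -> str:
    """Set-Cookie header for a token that a frontend on another host will keep.

    Same attributes Django emits for
    response.set_cookie(name, token, max_age=max_age, httponly=True, secure=True, samesite='None').
    max_age defaults to the 3600 minutes used for 'exp' in the question.
    """
    return f"{name}={token}; Max-Age={max_age}; Path=/; HttpOnly; Secure; SameSite=None"


if __name__ == "__main__":
    # Constructed header matching what set_cookie(key='jwt', value=token, httponly=False) sends
    for reason in cross_site_cookie_problems("jwt=eyJ.payload.sig"):
        print("as posted:", reason)
    print("hardened:", cross_site_cookie_problems(login_cookie("eyJ.payload.sig")) or "accepted")
```

Two things the checker cannot see from the header alone: the frontend's fetch/axios call must send `credentials: 'include'` (both to accept the Set-Cookie and to attach the cookie afterwards), and the `SESSION_COOKIE_*` and `CSRF_COOKIE_*` settings only shape Django's own session and CSRF cookies, so they have no effect on a cookie written directly with `response.set_cookie`.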
