JWT token not being sent in production (Django REST Framework & Next.js 14)
I'm facing an issue where JWT tokens are not being sent from the client to the server in my production environment. The project consists of a Django REST Framework backend and a Next.js frontend. Everything works fine in the development (127.0.0.1) environment, but in production, the JWT token stored in the cookies is not being sent back to the server.
Project Setup:

Backend (Django) Settings:

Here are my relevant settings in settings.py:

    REST_AUTH = {
        'JWT_AUTH_COOKIE': 'token',
        'JWT_AUTH_REFRESH_COOKIE': 'refresh_token',
        'JWT_AUTH_SECURE': True,  # Enabled for production
        'JWT_AUTH_HTTPONLY': True,
        'JWT_AUTH_SAMESITE': 'None',
    }
    CORS_ALLOW_CREDENTIALS = True
    CORS_ALLOWED_ORIGINS = [
        'https://vasa.liara.run',  # My frontend domain
    ]
Frontend (Next.js) Configuration:

On the client side, I'm sending requests using fetch as follows:

    fetch("https://api-vasa.liara.run/auth/login", {
      method: "POST",
      credentials: "include", // Ensure cookies are sent
      headers: {
        "Content-Type": "application/json"
      },
      body: JSON.stringify({ username, password })
    });
Environment:

    Frontend URL: https://vasa.liara.run
    Backend URL: https://api-vasa.liara.run
    Browser: Chrome (latest version)
    HTTPS is enabled for both frontend and backend.
Why aren't the cookies being sent in subsequent requests? What could be causing this issue, and how can I fix it?
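
A diagnostic sketch for the setup described above, added here as an example and not part of the original post: it models the browser rules (host match, Secure, fetch credentials mode, SameSite) that decide whether a cookie is attached, using the hostnames from the question. The names `siteOf` and `cookieDecision`, the cookie object shape, the `/auth/user/` and `/dashboard` paths, and the dev ports are assumptions; the site check is a simplification.

```javascript
// Simplified model of when a browser attaches a cookie (added example).
function siteOf(hostname) {
  // Assumption: site = last two labels; real browsers use the Public Suffix List.
  if (/^[\d.]+$/.test(hostname)) return hostname; // IPv4 literal: compare whole
  return hostname.split(".").slice(-2).join(".");
}

// cookie: { host, domain?, secure, sameSite } as set by the response (constructed shape).
// ctx: { runsOn?, pageUrl?, credentials? }; no pageUrl means a top-level navigation.
function cookieDecision(cookie, requestUrl, ctx = {}) {
  const req = new URL(requestUrl);
  // fetch() in server-side Next.js code has no browser cookie jar to draw from.
  if (ctx.runsOn === "server") return { sent: false, reason: "no cookie jar on server" };
  // Without a Domain attribute the cookie is host-only. Ports are never compared.
  const hostOk = cookie.domain
    ? req.hostname === cookie.domain || req.hostname.endsWith("." + cookie.domain)
    : req.hostname === cookie.host;
  if (!hostOk) return { sent: false, reason: "host mismatch" };
  if (cookie.secure && req.protocol !== "https:")
    return { sent: false, reason: "Secure cookie over http" };
  if (ctx.pageUrl) {
    const page = new URL(ctx.pageUrl);
    const mode = ctx.credentials || "same-origin"; // fetch() default
    if (mode === "omit" || (page.origin !== req.origin && mode !== "include"))
      return { sent: false, reason: "fetch credentials mode" };
    const crossSite = siteOf(page.hostname) !== siteOf(req.hostname);
    if (crossSite && !(cookie.sameSite === "None" && cookie.secure))
      return { sent: false, reason: "SameSite blocks cross-site request" };
  }
  return { sent: true, reason: "all checks passed" };
}

// Constructed from the question's settings: set by the API host, no Domain attribute.
const prodCookie = { host: "api-vasa.liara.run", secure: true, sameSite: "None" };
// Constructed dev equivalent: Django on 127.0.0.1:8000, Next.js on 127.0.0.1:3000.
const devCookie = { host: "127.0.0.1", secure: false, sameSite: "Lax" };

const api = "https://api-vasa.liara.run/auth/user/"; // hypothetical endpoint
const page = "https://vasa.liara.run/";
console.log("client fetch, include:", cookieDecision(prodCookie, api, { pageUrl: page, credentials: "include" }));
console.log("client fetch, default:", cookieDecision(prodCookie, api, { pageUrl: page }));
console.log("page request (prod):  ", cookieDecision(prodCookie, "https://vasa.liara.run/dashboard"));
console.log("page request (dev):   ", cookieDecision(devCookie, "http://127.0.0.1:3000/dashboard"));
console.log("server-side fetch:    ", cookieDecision(prodCookie, api, { runsOn: "server" }));
```

The model leaves out browser-level third-party cookie blocking and the scheme comparison in same-site checks, so a "sent" result here is necessary but not sufficient.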