Hi. We're trying to use Kratos together with a React app, running the following API calls:

fetch(baseUrl + "/self-service/login/browser", {
            headers: {
                Accept: "application/json",
                "Accept-Encoding": "gzip, deflate, br",
                "Connection": "keep-alive",
                "Content-Type": "application/json",
            },
            method: "GET",
        })

And the login:

fetch(baseUrl + "/self-service/login?flow=" + flowId, {
            body: JSON.stringify(data),
            credentials: "include",
            headers: {
                Accept: "application/json",
                "Accept-Encoding": "gzip, deflate, br",
                "Connection": "keep-alive",
                "Content-Type": "application/json",
                Credentials:  "include",
                "X-CSRF-Token": csrfToken,
            },
            method: "POST",
        })

But it looks like the cookies from the first step aren't being included in the login of the second step. Does anyone have any tips on what we're doing wrong? We've got it to work in Postman, but the cookies seem to be automatically included there. Any help would be much appreciated!

Hi @User Are you getting errors? If so could you share them from Kratos logs / browser logs? You probably just need to check if the browser URL is matching the domain. If you are developing on local you would need to pass the

--dev

flag to kratos so that you can pass the cookie over an insecure protocol (http instead of https). Check out https://www.ory.sh/docs/kratos/guides/configuring-cookies

@User Thanks, Alano. We managed to solve it. We weren't using a proxy in the React app, as we didn't realise it was required. Once we added the proxy, it worked as it was meant to :)