https://www.ory.sh/ logo
Join Slack
Powered by
Greetings, I have a question about cookies. I've ...
# ory-network
m
Greetings, I have a question about cookies. I've recently moved to using the scs package for managing cookies and I am now encountering an issue with the Ory Cookie making its way to my servers. Here is the cookie:
Copy code
set-cookie: ory_session_<project>=... Path=/; Domain=<project>.<http://projects.oryapis.com|projects.oryapis.com>; Expires=Thu, 10 Mar 2022 21:56:06 GMT; Max-Age=86400; HttpOnly; Secure; SameSite=Lax
However the cookie is not found in the cookies of the request by the time it hits my callback. I think the library is filtering those cookies because the domain value does not match my application. Is this something I can setup in Ory Cloud for my project?
I probably did this wrong but I have a development project and a production(ish) one. I remembered I was able to set the domain in the latter after moving off the Developer plan.
What is the solution for those of us using Cloud for localhost via Ory Proxy to get the cookie domain to match?
Setting the flag 
--cookie-domain
to my localhost gave me hope but the response cookie domain is still set to my ory project URL
h
Hey there, in case you’re using the Ory Proxy with Go, check this out: https://www.ory.sh/docs/guides/protect-page-login/go
p
Hey @User Make sure that your browser is always pointing to the proxy. The proxy rewrites the requests and cookies so that it is on the domain of the proxy instead of the Ory project domain.
m
Hey! Yep, I changed my Ory redirect to localhost:4000 from the upstream host. So now my redirects go thru the proxy. But I still see the browser (FF and Chrome) reporting the cookie host as my project domain. I Will give it some research.
@User and @User I think I have hit a roadblock. I am concerned about how to configure this in production bc I do not understand how the proxy is working in development. The callback working correctly when I provide an FQDN (see picture 🎉). When I provide a path it uses the FQDN I provided for Server Configurations. This may need to be made more explicit, especially when using the proxy. When passing a 
/yourpath
it actually sets the Location header to 
/config-url/.ory/yourpath
When I finally have cookies as expected, I run:
Copy code
session, res, err := a.ory.oryhttpc.V0alpha2Api.ToSession(r.Context()).Cookie(cookies).Execute()
Which results in this error
Copy code
"error":"Get \"<http://127.0.0.1:4000/.ory/api/kratos/public/sessions/whoami>\": dial tcp 127.0.0.1:4000: connect: connection refused"
What is incredibly strange is when I copy and paste this URL into a browser I get back the response I need! Note for all requests I am runnng incognito.
h
@User if you can take a look :)
👍 1
p
Hi @User In production you would use your domain (e.g. auth.example.com) which you can add on your project https://www.ory.sh/docs/guides/custom-domains. We don't recommend using the Ory Proxy in production since its purpose is to make local development easier, not production. The proxy is essentially rewriting the requests to and from the server for you so that you don't get CORS and Cookie errors. So instead of your Ory project setting the cookies, the proxy is essentially doing it. Your service can now also speak to Ory servers without needing to be on 
<http://oryapis.com|oryapis.com>
or 
ory.sh
domain (the proxy is tricking the browser by making requests on behalf of your browser to the Ory domains). The proxy also operates on a prefix 
.ory/
to distinguish your api paths from ory's since now everything is running through the proxy. As for the error above, I couldn't reproduce it. The only thing I can think of is that the proxy is setup incorrectly. Which version of the proxy are you running? Maybe there is a bug somewhere.
Copy code
➜  ~ ory version
Version:    v0.1.24
Git Hash:   8f8ddeceb9c418de77b15fd2e49b16cf5a3f9196
Build Time: 2022-02-23T09:51:12Z
6 Views
Open in Slack
PreviousNext
Powered by