I'm using koa-session for a login service and found a problem when login from http://localhost.
Front-end app using http-proxy with the config like this
{
"/api", {
target: "https://test.com",
changeOrigin: true
}
}
so when the app is running at localhost:3000, it can sent ajax request to https://test.com
but the problem is when login service send the response header with the set-cookie, the cookie has the secure option (I think probably detect that request is from https because the changeOrigin is set to true). And since i'm using http://localhost, the cookie is not saved (or send), so login is failed.
Currently I manually set secure: false in the config, is there a better way of fixing this?
I'm using koa-session for a login service and found a problem when login from http://localhost.
Front-end app using http-proxy with the config like this
so when the app is running at localhost:3000, it can sent ajax request to https://test.com
but the problem is when login service send the response header with the
set-cookie, the cookie has thesecureoption (I think probably detect that request is from https because thechangeOriginis set to true). And since i'm using http://localhost, the cookie is not saved (or send), so login is failed.Currently I manually set
secure: falsein the config, is there a better way of fixing this?