
I tried all I found through the internet but I couldn't resolve "[Object: null prototype] {}" for "req.cookies" result

Open Zohalmohal opened this issue 1 year ago • 3 comments

My application assigns the refreshToken to the response object as follows:

newRefreshToken, { httpOnly: true, secure: true, sameSite: 'None', maxAge: 24 * 60 * 60 * 1000 });

And when I check the Postman I see the assigned JWT token there like below:

jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InFAcS5jb20iLCJpYXQiOjE2NTQ4MDMxMzIsImV4cCI6MTY2MjU3OTEzMn0.ustL6WVKWog53jAe8IFlaLw9g4BL7F1LJg5qc94F4TI; Path=/; Secure; HttpOnly; Expires=Fri, 10 Jun 2022 19:32:11 GMT;

But when I try to read the cookies using req.cookies I get this result after printing out the req object:

  cookies: [Object: null prototype] {},
  signedCookies: [Object: null prototype] {},

This is my server.js file content:

// Load .env into process.env before anything else is required, so modules
// loaded below can read those variables at require time.
require('dotenv').config();
const express = require('express');
const app = express();
var passport = require('passport');
const path = require('path');
const cors = require('cors');
// NOTE(review): project-local config/middleware modules; their contents are not shown here.
const corsOptions = require('./config/corsOptions');
const { logger } = require('./middleware/logEvents');
const errorHandler = require('./middleware/errorHandler');
const verifyJWT = require('./middleware/verifyJWT');
// cookie-parser is what populates req.cookies / req.signedCookies.
const cookieParser = require('cookie-parser');
const credentials = require('./middleware/credentials');
const mongoose = require('mongoose');
const connectDB = require('./config/dbConn');
// Falls back to 3000 when the PORT environment variable is unset or empty.
const PORT = process.env.PORT || 3000;

// Global middleware chain. Express runs app.use() handlers in the order they
// are registered, so the order of the statements below is significant.

// initializing passport
app.use(passport.initialize());

// Connect to MongoDB
connectDB();

// custom middleware logger
app.use(logger);

// Handle options credentials check - before CORS!
// and fetch cookies credentials requirement
// NOTE(review): presumably sets Access-Control-Allow-Credentials for allowed
// origins only - confirm in ./middleware/credentials.
app.use(credentials);

// Cross Origin Resource Sharing
app.use(cors(corsOptions));

// built-in middleware to handle urlencoded form data
app.use(express.urlencoded({ extended: false }));

// built-in middleware for json
app.use(express.json());

// middleware for cookies: cookie-parser fills req.cookies from the request's
// Cookie header. It is registered before every route below, so an empty
// req.cookies most likely means the client sent no Cookie header at all
// (for example, a cookie marked Secure is not sent over plain HTTP).
// No secret is passed here, so req.signedCookies is never populated.
app.use(cookieParser());

//serve static files
app.use('/', express.static(path.join(__dirname, '/public')));

// routes
// These routers are consulted before verifyJWT is registered, so whatever
// they respond to is served without that check.
// NOTE(review): /refresh and /logout presumably rely on the refresh-token
// cookie instead - confirm in the route modules.
app.use('/', require('./routes/root'));
app.use('/register', require('./routes/register'));
app.use('/auth', require('./routes/auth'));
app.use('/refresh', require('./routes/refresh'));
app.use('/logout', require('./routes/logout'));

// Everything registered after this line sits behind verifyJWT.
// NOTE(review): presumably rejects requests without a valid access token -
// confirm in ./middleware/verifyJWT.
app.use(verifyJWT);
app.use('/employees', require('./routes/api/employees'));
app.use('/users', require('./routes/api/users'));

// Catch-all for anything no earlier handler answered: reply 404 in the first
// format the client accepts (HTML page, then JSON, then plain text).
// It is registered after verifyJWT, so only requests that middleware lets
// through reach this handler.
app.all('*', (request, response) => {
    response.status(404);

    if (request.accepts('html')) {
        const notFoundPage = path.join(__dirname, 'views', '404.html');
        response.sendFile(notFoundPage);
        return;
    }

    if (request.accepts('json')) {
        response.json({ "error": "404 Not Found" });
        return;
    }

    response.type('txt').send("404 Not Found");
});

// Registered after every route and middleware above.
// NOTE(review): presumably an Express error-handling middleware - confirm in
// ./middleware/errorHandler.
app.use(errorHandler);

// Start accepting HTTP traffic only once the MongoDB connection has opened.
function startHttpServer() {
    console.log('Connected to MongoDB');
    app.listen(PORT, () => {
        console.log(`Server running on port ${PORT}`);
    });
}

mongoose.connection.once('open', startHttpServer);

Zohalmohal avatar Jun 10 '22 19:06 Zohalmohal

@Zohalmohal , If you are in development i.e If you are working on localhost, try setting secure:true to secure:false when you are setting cookies in newRefreshToken, { httpOnly: true, secure: true, sameSite: 'None', maxAge: 24 * 60 * 60 * 1000 });.

SomnathDas avatar Jun 13 '22 04:06 SomnathDas

Hey @Zohalmohal, since you are in development and don't have an SSL/TLS setup yet, try setting secure: false. The secure flag is only there to make sure the cookie is transferred over an encrypted HTTPS connection, and you do not have that set up yet.

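Or, if you want, you can set it dynamically: secure: process.env.NODE_ENV !== "development" // note that this only takes effect if the NODE_ENV environment variable is set properly (when it is unset the expression is true, so the cookie stays Secure). Also note that current browsers reject a SameSite=None cookie that is not Secure, so when secure is false in development, sameSite has to be relaxed as well (for example to 'Lax').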

arm4angupta avatar Jul 15 '22 07:07 arm4angupta

@Zohalmohal , If you are in development i.e If you are working on localhost, try setting secure:true to secure:false when you are setting cookies in newRefreshToken, { httpOnly: true, secure: true, sameSite: 'None', maxAge: 24 * 60 * 60 * 1000 });.

This fixed my bug. Since I was working on localhost, I had to set secure:false

REALSTEVEIG avatar Sep 12 '22 02:09 REALSTEVEIG