
Should fetch pass cookies when following redirects?

Open dsine-de opened this issue 2 years ago • 2 comments

Software like Postman (if not disabling the cookie jar in the settings) and browser redirects save cookies when they hit a redirect which has a set-cookie header and set them on requests following that redirect by adding a cookie header.

Should Node.js fetch do this too?

When I request http://localhost:8080/redirect from this code with Postman, it logs the cookie header, and in the Postman console you see the cookie was added to the following request. The native fetch that happens in the code doesn't pass the cookie to the /redirect_to URL.

```javascript
import express from 'express';

const app = express();

app.get('/redirect', (req, res, next) => {
	res.cookie('test', 'value');
	res.redirect('/redirect_to');
});

app.get('/redirect_to', (req, res, next) => {
	console.log(`Cookie: ${req.get('cookie')}`);
	res.status(200).end();
});

app.listen(8080, async () => {
	try {
		await fetch('http://localhost:8080/redirect');

		await fetch('http://localhost:8080/redirect', {
			credentials: 'include'
		});
	} catch (err) {
		console.error(err);
	}
});
```

Here is the minimal reproduction repository: https://github.com/dsine-de/fetch-redirect-cookies

dsine-de avatar Sep 07 '22 20:09 dsine-de

I don't think we handle cookies right now. @KhafraDev @ronag wdyt?

mcollina avatar Sep 07 '22 20:09 mcollina

We likely need to wait for something along the lines of https://github.com/whatwg/fetch/issues/1384. Maybe it'd be better as a WinterCG issue as this is more pertinent to non-browser environments.

KhafraDev avatar Sep 07 '22 22:09 KhafraDev
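
For callers who need the behaviour described in the issue today, redirects can be followed by hand with cookies carried between hops. The code below is an added example, not from the thread and not undici's code: `HostOnlyJar` and `fetchWithCookies` are hypothetical names, and it assumes a Node.js version whose `Headers` provides `getSetCookie()`. Cookies are kept host-only so a redirect to a different host never receives them.

```javascript
// Added example: a host-only cookie jar for manually followed redirects.
// Simplification (assumption): Domain, Path, Expires and SameSite are ignored; every
// cookie is bound to the exact host:port that set it, the most restrictive reading.
class HostOnlyJar {
  constructor() { this.byHost = new Map(); }

  // Record the Set-Cookie values of a response received from `url`.
  store(url, setCookieValues) {
    const { host } = new URL(url);
    const cookies = this.byHost.get(host) ?? new Map();
    for (const line of setCookieValues) {
      const [pair, ...attrs] = line.split(';').map((s) => s.trim());
      const eq = pair.indexOf('=');
      if (eq < 1) continue; // no cookie name: skip the malformed value
      const secure = attrs.some((a) => a.toLowerCase() === 'secure');
      cookies.set(pair.slice(0, eq), { value: pair.slice(eq + 1), secure });
    }
    this.byHost.set(host, cookies);
  }

  // Build the Cookie header for a request to `url`, or undefined when nothing applies.
  headerFor(url) {
    const { host, protocol } = new URL(url);
    const pairs = [];
    for (const [name, c] of this.byHost.get(host) ?? []) {
      if (c.secure && protocol !== 'https:') continue; // Secure cookies never go over http
      pairs.push(`${name}=${c.value}`);
    }
    return pairs.length ? pairs.join('; ') : undefined;
  }
}

// Follow redirects by hand so cookies set on a 3xx response reach the next hop.
async function fetchWithCookies(url, jar = new HostOnlyJar(), maxHops = 5) {
  for (let hop = 0; hop <= maxHops; hop++) {
    const cookie = jar.headerFor(url);
    const res = await fetch(url, { redirect: 'manual', headers: cookie ? { cookie } : {} });
    jar.store(url, res.headers.getSetCookie());
    const location = res.headers.get('location');
    if (res.status < 300 || res.status > 399 || !location) return res;
    url = new URL(location, url).href; // resolve relative Location values
  }
  throw new Error('too many redirects');
}
```

Against the reproduction server above, `await fetchWithCookies('http://localhost:8080/redirect')` makes the `/redirect_to` handler log `Cookie: test=value`.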