I'm building a web page with Angular in front-end (being served via GitHub Pages), and Google Cloud Functions / Node.js in back-end.
For example, there is a route /api/user/create where a make a POST request with Angular HttpClient, setting { withCredentials: true }. If I visit https://striderhobbit.github.io/psycho-cli directly, everything is working fine.
But if on GitHub Pages I set a custom domain (https://www.tecstures.com), it is not. I can log in, receiving a response cookie
connect.sid expires "2024-04-09T09:06:23.000Z"path "/"samesite "None"secure truevalue "s:p6moM7Q_zD50xUsCl2ns8kA608tE1qb4.zkz7Y91fcqs+YTfVdtKV4yAqnTofhPogvhdWMo0g2yQ"but /api/user/createmost of the time fails, because no cookie is being sent back / session is missing (I checked in dev tools: request cookie is empty). In rare cases it's working, without any code changes. So I can only suspect it has to do something with server response time.
But note: It must have something to do with setting the custom domain in GitHub, because without it's working all the time.
Server is looking like (express + express-session):
const app = express();app.use( cors({ origin: ["https://tecstures.com", "https://striderhobbit.github.io"], credentials: true, }));app.set("trust proxy", true);app.use(express.json());app.use( session({ cookie: { maxAge: 300000, httpOnly: false, secure: true, sameSite: "none", partitioned: true, }, resave: false, saveUninitialized: false, secret: generate(10), }));On GitHub everything is looking fine:
On squarespace (where my custom domain is hosted) I have
UPDATE
To reproduce go to https://tecstures.com/#/events, and then follow these steps:
You should get an error
Error: Missing authentication at EventService.authorize (/workspace/lib/src/services/base.js:13:19)...