
    FusionAuth setting wrong domain on the cookie

      hamza.chouaibi

      I am using custom local domains.

      https://auth.domain.test <= FusionAuth
      https://app.domain.test <= Angular app

      I also tried FusionAuth at https://auth.app.domain.test but I still get the same issue and Chrome blocks the cookie.

      I am getting an issue with cookies: the domain on the cookies is test.

      Example: app.at_exp=1742980022; Domain=test; Max-Age=3599; Path=/; SameSite=Lax; Secure

      Any idea why we end up with Domain=test?

        mark.robustelli @hamza.chouaibi

        @hamza-chouaibi Can you tell me a little more about how you have FusionAuth configured and what you are trying to do? My assumption is that you are using a JWT. Have you checked the Issuer setting in FusionAuth? Go to Applications -> Edit -> JWT tab.

          hamza.chouaibi @mark.robustelli

          @mark-robustelli Thank you for the reply.

          Here is my setup.

          Local dev environment, all running on Docker containers with one Nginx acting as proxy for all of them.

          All the custom domains are set in /etc/hosts.
          All domains run on SSL with a self-signed certificate.

          For each test I only change the TLD,
          so it's
          Application: https://app.domain.tld
          FusionAuth: https://auth.domain.tld

          Tested with these: .test, .local, .test and .net

          .local, .test and .internal end up in errors with the domain test or local

          .net, .com and .org all work

          For .dev I can't even get the SSL to work.

          We will just use one of the working TLDs at the moment for all our dev stack.

          The only thing in common that I can find for these TLDs is that they are listed as reserved domains in https://en.wikipedia.org/wiki/Top-level_domain

            mark.robustelli @hamza.chouaibi

            @hamza-chouaibi Have you been through the FusionAuth and Proxies documentation? Are you sure Nginx has been configured properly?

              hamza.chouaibi @mark.robustelli

              @mark-robustelli

              Here is a detailed explanation of my tests.

              Modifying /etc/hosts

              I added the following entries to my /etc/hosts file:

              127.0.0.1   auth.domain.test
              127.0.0.1   app.domain.test
              

              Nginx Proxy Configuration

              Authentication Service

              server {
                  listen 443;
                  server_name auth.domain.test;
                  ssl_certificate     /etc/nginx/conf.d/ssl/localhost.crt;
                  ssl_certificate_key /etc/nginx/conf.d/ssl/localhost.key;
              
                  location / {
                      proxy_pass http://EC2-instance-IP:9011;
                      proxy_set_header Host $host;
                      proxy_set_header X-Real-IP $remote_addr;
                      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                      proxy_set_header X-Forwarded-Proto $scheme;
                      proxy_set_header "X-Forwarded-Port" "80";
                      proxy_http_version 1.1;
                  }
              }
              

              Application Service

              server {
                  listen 443;
                  server_name app.domain.test;
                  ssl_certificate     /etc/nginx/conf.d/ssl/localhost.crt;
                  ssl_certificate_key /etc/nginx/conf.d/ssl/localhost.key;
              
                  location / {
                      proxy_pass http://app-container:4200;
                      proxy_set_header Host $host;
                      proxy_set_header X-Real-IP $remote_addr;
                      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                      proxy_set_header X-Forwarded-Proto $scheme;
                  }
              }
              

              Testing Different TLDs

              I then replaced the .test TLD with several alternatives to determine which ones worked in this local setup. The tested TLDs and their outcomes are summarized in the table below:

              TLD          Result
              .local       Failed
              .test        Failed
              .internal    Failed
              .net         Succeeded
              .org         Succeeded
              .com         Succeeded

              Nothing changed in all the tests except the TLDs, so I doubt it's an issue with the proxy.

              We decided to use .net for our local dev env and this is working fine now for all our developers.
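
The check below is an added example, not part of the original thread or FusionAuth's own code: it parses a captured Set-Cookie header and reports whether a browser following RFC 6265 would keep the cookie for a given request host, which covers the Domain=test case reported above. The function names and the second and third sample headers are constructed for illustration, and multi-label public suffixes are not checked because the full Public Suffix List is not bundled.

```javascript
// Added example. Hosts and headers are constructed from values quoted in the thread.

// Parse one Set-Cookie header into { name, attrs }, attribute names lower-cased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? '' : pair.slice(0, eq), attrs };
}

// RFC 6265 section 5.1.3 domain-match: identical, or host ends with "." + domain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Decide what a browser does with the Domain attribute of a cookie set by requestHost.
function auditCookieDomain(requestHost, header) {
  const { name, attrs } = parseSetCookie(header);
  const host = requestHost.toLowerCase();
  if (typeof attrs.domain !== 'string' || attrs.domain === '') {
    return { name, verdict: 'host-only', scope: host };
  }
  // A leading dot is ignored by the browser (RFC 6265 section 5.2.3).
  const domain = attrs.domain.replace(/^\./, '').toLowerCase();
  if (!domainMatches(host, domain)) {
    return { name, domain, verdict: 'rejected: Domain does not match request host' };
  }
  // A single label is always a public suffix (listed, or via the Public Suffix
  // List default rule "*"): kept as host-only if it equals the host, else dropped.
  if (!domain.includes('.')) {
    return domain === host
      ? { name, verdict: 'host-only', scope: host }
      : { name, domain, verdict: 'rejected: Domain is a bare TLD' };
  }
  // Multi-label public suffixes (e.g. co.uk) are not checked here.
  return { name, domain, verdict: 'accepted', scope: domain + ' and subdomains' };
}

const samples = [
  ['auth.domain.test', 'app.at_exp=1742980022; Domain=test; Max-Age=3599; Path=/; SameSite=Lax; Secure'],
  ['auth.domain.test', 'app.at_exp=1742980022; Domain=domain.test; Path=/; SameSite=Lax; Secure'],
  ['auth.domain.test', 'app.at_exp=1742980022; Path=/; SameSite=Lax; Secure'],
];
for (const [host, header] of samples) console.log(host, auditCookieDomain(host, header));
```

Running the same function over the Set-Cookie headers from each TLD variant of the dev stack shows which environments hand the browser a cookie it will discard.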

                lokihak188

                @hamza-chouaibi said in FusionAuth setting wrong domain the the cookie io games:

                I am using custom local domains.

                https://auth.domain.test <= FusionAuth
                https://app.domain.test <= Angular app

                I also tried FusionAuth at https://auth.app.domain.test but I still get the same issue and Chrome blocks the cookie.

                I am getting an issue with cookies: the domain on the cookies is test.

                Example: app.at_exp=1742980022; Domain=test; Max-Age=3599; Path=/; SameSite=Lax; Secure

                Any idea why we end up with Domain=test?

                The SameSite=Lax attribute restricts the cookie from being sent with cross-site requests. If your application is making requests across subdomains, you may need to adjust this setting to SameSite=None; Secure for cross-origin requests.
