i followed the sample of authorized-https-endpoint and only added console.log to print the req.cookies, the problem is the cookies are always empty {} I set the cookies using clinet JS calls and they do save but from some reason, I can't get them on the server side.
here is the full code of index.js, it's exactly the same as the sample:
'use strict';
const functions = require('firebase-functions');
const admin = require('firebase-admin');
admin.initializeApp(functions.config().firebase);
const express = require('express');
const cookieParser = require('cookie-parser')();
const cors = require('cors')({origin: true});
const app = express();
const validateFirebaseIdToken = (req, res, next) => {
console.log(req.cookies); //// <----- issue this is empty {} why??
next();
};
app.use(cors);
app.use(cookieParser);
app.use(validateFirebaseIdToken);
app.get('/hello', (req, res) => {
res.send(`Hello!!`);
});
exports.app = functions.https.onRequest(app);
even test with simple curl will return empty cookies - curl http://FUNCTION_URL/hello --cookie "LastName=Doe;FirstName=John"
update: looks like only cookie name __session will be saved.
store cookie:
curl http://FUNCTION_URL/hello --cookie "__session=bar" // req.cookies =
{__session: bar}
doesn't store:
curl http://FUNCTION_URL/hello --cookie "foo=bar" // req.cookies =
{}
according to here it's by design. i think it's wrong design but at least answered my question. closing.
@sagivo how do you store the cookie for the cloud function domain using a js client ?
@paolomainardi not sure I understand. you can store cookies with JS regular way. if you want Firebase Function to read it it has to be called __session.
@sagivo thanks for the reply! I am talking about a scenario where the client app and the cloud functions live in different domains, let's say an angular application consuming cloud functions.
Most helpful comment
according to here it's by design. i think it's wrong design but at least answered my question. closing.