Secure headers for CORS when using cookies/axios?

  cookies, cors, javascript, node.js

I’ve been banging my head against CORS issues most of this evening after switching from JWT to cookies – I’ve fixed them now, but I was hoping to run my headers by someone here just to confirm that I haven’t fixed the issue by doing something stupid.

My frontend is served from localhost:8081, my backend from localhost:8080.

app.js (backend):

res.setHeader('Access-Control-Allow-Origin', 'http://localhost:8081');
res.setHeader('Access-Control-Allow-Credentials', 'true');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');

And I set a cookie in the login route using res.cookie('loggedIn','true').

I’m using an axios instance on the frontend, with the flag {withCredentials: true}.

Sorry if this seems basic, but I’ve felt a bit like I’ve had information overload and my brain is fried! Is there anything else I should be considering?


Source: Ask Javascript Questions
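
An added example, not part of the original post, showing the checks that usually accompany credentialed CORS: an exact-origin allowlist, an Origin check on state-changing requests, and cookie attributes. The function and constant names are hypothetical; the origin and header lists are the ones from the post.

```javascript
// Added example. ALLOWED_ORIGINS, UNSAFE_METHODS, corsHeaders, rejectAsCsrf and
// sessionCookie are hypothetical names; the origin and header lists are the post's.
const ALLOWED_ORIGINS = new Set(['http://localhost:8081']);
const UNSAFE_METHODS = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// CORS response headers for one request. With credentials the browser
// requires an exact origin, never '*', so the allowlist match is echoed back.
function corsHeaders(origin, method) {
  const headers = { Vary: 'Origin' }; // shared caches must key on Origin
  if (!ALLOWED_ORIGINS.has(origin)) return headers; // no ACAO: scripts cannot read the response
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  if (method === 'OPTIONS') { // these two only matter on the preflight
    headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, PATCH, DELETE';
    headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization';
  }
  return headers;
}

// CORS limits who can read a response; it does not stop a cookie-bearing
// "simple" request (e.g. a form POST) from reaching the handler. Checking
// Origin on state-changing methods covers that. Requests with no Origin
// header are rejected too (an assumption that all clients are browsers).
function rejectAsCsrf(method, origin) {
  return UNSAFE_METHODS.has(method) && !ALLOWED_ORIGINS.has(origin);
}

// Set-Cookie value for a session cookie. The value should be an unguessable
// session id checked server-side, since the client controls what it sends.
// localhost:8081 -> localhost:8080 is cross-origin but same-site, so
// SameSite=Lax still lets axios send it; a frontend on a different site
// needs SameSite=None together with Secure.
function sessionCookie(name, value, { secure = true, maxAgeSeconds = 3600 } = {}) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error('invalid cookie name');
  const parts = [
    `${name}=${encodeURIComponent(value)}`,
    'Path=/',
    'HttpOnly', // not readable from page JavaScript
    'SameSite=Lax',
    `Max-Age=${maxAgeSeconds}`,
  ];
  if (secure) parts.push('Secure'); // HTTPS only; pass false for plain-http dev if needed
  return parts.join('; ');
}
```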