I have built Node.js app with Express 4, for manage sessions I use connect-mongo middleware, all works.
But I need login to my app from another site.
App is hosted on aws EC2.
I use SalesForce and after login to it, I want open my app, but DON'T want input credentials...
On node.js server I have added headers:
res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
res.setHeader('Access-Control-Allow-Credentials', 'true');
In SF, onClick button I execute:
jsonData = {
"email": 'test1@example.com',
"password": "test"
}
$.ajaxSetup({
type: "POST",
data: {},
dataType: 'json',
xhrFields: {
withCredentials: true
},
crossDomain: true
});
$.post( 'http://ec2-someip.us-west-2.compute.amazonaws.com//login', jsonData)
.done(function( data ) {
console.log( "done" );
console.log(data);
//redirect to data url
})
.fail(function(data) {
console.log( "error" );
console.log( "data" );
});
Node.js returns me correct data url, but doesn't add session cookie, and that's why I see login page after redirect...
When I manually send POST request from browser (I use "Rest Console" app for Google Chrome), node.js added cookie.
What is wrong? There is a way to login from SF (or any other site) ?
Thank you.
Fixed by adding cookie domain settings:
app.use(session({
secret: config.get('session:key'),
saveUninitialized: true,
resave: true,
store: new MongoStore({
db: mongoose.connection.db
}),
cookie: {
path: '/',
domain: utils.isDevelopmentEnv() ? null : '.' + config.get('domain').replace('http://', '').replace('https://', ''),
httpOnly: true
}
}));