Why doesn't credentials: 'include' help?

C

Crocosha2020-10-28 19:48:16

JavaScript

Crocosha, 2020-10-28 19:48:16

Hello!

Here is the authorization function on the server:

const doLogin = () => {
        setLoading(true);
        const request = fetch(baseURL+'/users/authentication/email/', {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json; charset=utf-8'
            },
            body: JSON.stringify({ email, password, device: {
                name: 'PC'} })
        });

        request
            .then(response => {console.log(response.headers); return response.json()})
            .then(json => {
                setLoading(false);
                if (json.error) {
                    setAuthError({ isError: true, errorMsg: json.error.message })
                } else {
                    dispatch(setAuthenticated(true));
                    dispatch(setAuthData({
                        userEmail: email,
                        userPassword: password
                    }))
                    history.push('/groups');
                }
            });
    }

A jwt token normally arrives from the server, then we request data:

const searchClicked = () => {
        fetch(baseURL + '/users/' + searchEmail, {
            method: 'GET',
            credentials: 'include'
        })
            .then(response => response.json())
            .then(json => console.log(json))
    }

and get a 401 (Unauthorized) response.

What's wrong?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

S

Sergey Levchenko, 2020-12-03
@nuykon

credentials: 'include' is about passing cookies and authorization headers, and you have a jwt token that you need to manually add to the headers of all subsequent requests:
Authorization: Bearer your-jwt-token