Cookie problem in REST API


#1

We log in using the REST API via Ajax from a different domain. We wanted the cookies to be stored in the browser. I find the login Ajax response doesn’t have the SET-COOKIE attribute in its header.
The docs don’t talk about the cookie-setting part.
We are facing a challenge because our REST API is called from a different application (domain).
The Ajax response has the user id data, and if we try to set the value as a cookie, it does not set the cookie for the Rocket.Chat domain.
If the Ajax response had the SET-COOKIE header, then the browser would have automatically set the cookies.


#2

Our REST API doesn’t use cookies at all. So even if you do set a cookie it won’t do any good.

You’ll need to take a look at our docs. Basically it’s passed through the headers: https://rocket.chat/docs/developer-guides/rest-api/authentication/me/


#3

We have a client (similar to the Rocket.Chat client) as a component in another web application, which talks to the Rocket.Chat server. This client uses the REST API for logging into Rocket.Chat. The problem we are facing is that when logged in, cookies like rc_uid and rc_token are not being set for the Rocket.Chat server domain. Hence subsequent file retrieval requests (e.g. using an img tag) are failing with a 403 error. We would like support on setting the cookie for the Rocket.Chat server domain from the web application (which is in another domain).


#4

Might be able to write something to intercept your requests and append the authentication headers if it’s the same application.

If you are fetching images and not using the REST API… you can actually pass a cookie, something like:
rc_uid=${rc_uid}; rc_token=${rc_token}; connect.sid=

This will work for requests like: /avatar/username and /file-upload/${file-id}/f${file-name} but will not work against the REST API to my knowledge.
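
The interception idea from post #4, as an added example that is not part of the thread and not Rocket.Chat code: a helper for server-side (Node) code, such as a proxy in the embedding application's backend, that picks the header pair for REST calls and the rc_uid/rc_token cookie for avatar and file-upload paths, and refuses to attach credentials to any other origin. The origin, the sample credentials and the allowed character set are assumptions; browser scripts cannot set a Cookie header themselves, so this does not run in the page.

```javascript
// Added example. RC_ORIGIN and SAMPLE_CREDS are constructed placeholders.
const RC_ORIGIN = "https://chat.example.com";
const SAMPLE_CREDS = { userId: "aB3dE5fG7hJ9kL2mN", authToken: "tok_constructed-123" };

// Assumption: ids and tokens only use URL-safe characters. Anything else is
// rejected so a value cannot inject extra cookie pairs or header lines.
const SAFE_VALUE = /^[A-Za-z0-9_-]+$/;

// Returns the headers to attach to a request for `url`, or throws if the
// request would carry the credentials somewhere other than the chat server.
function authHeadersFor(url, creds, rcOrigin = RC_ORIGIN) {
  const target = new URL(url, rcOrigin); // also normalizes "../" segments
  if (target.origin !== new URL(rcOrigin).origin) {
    throw new Error("refusing to attach credentials to " + target.origin);
  }
  for (const value of [creds.userId, creds.authToken]) {
    if (typeof value !== "string" || !SAFE_VALUE.test(value)) {
      throw new Error("malformed credential");
    }
  }
  const path = target.pathname;
  if (path.startsWith("/api/")) {
    // REST API: credentials travel in headers, cookies are ignored.
    return { "X-User-Id": creds.userId, "X-Auth-Token": creds.authToken };
  }
  if (path.startsWith("/avatar/") || path.startsWith("/file-upload/")) {
    // File and avatar routes: the cookie form quoted in post #4.
    return { Cookie: `rc_uid=${creds.userId}; rc_token=${creds.authToken}` };
  }
  return {}; // any other path on the server gets no credentials
}

console.log(authHeadersFor("/api/v1/me", SAMPLE_CREDS));
console.log(authHeadersFor("/file-upload/abc123/photo.png", SAMPLE_CREDS));
```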