-
Notifications
You must be signed in to change notification settings - Fork 17
Open
Description
Currently, there is no explicit way of setting the designated path for the returned cookie pair, resulting in the cookie not being recognized by browsers.
Reproduction steps:
Have the following API layout, using the simple example:
/v1/auth/login
/v1/api/hello
Define the App with
App::new()
.service(web::scope("/v1")
.service(login)
.use_jwt(authority.clone(), web::scope("").service(hello))
Retrieve the login cookie from /auth/login
Try to access /v1/api/hello
As you can see, hello
will report unauthorized, as the cookie path has been set to /v1/auth
, which doesn't cover the api
route.
Metadata
Metadata
Assignees
Labels
No labels