I do have a problem with setting cookies. I'm running a small application on Azure Functions and a static webpage as frontend, and on the login request my function properly returns a cookie in the response. Here is the whole set of response headers coming from my Azure function.
HTTP/1.1 200 OKDate: Sun, 11 Oct 2020 20:40:16 GMTContent-Type: application/json; charset=utf-8Server: KestrelContent-Length: 180Set-Cookie: RefreshToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJVc2VyTmFtZSI6IlNvc3NlbmJpbmRlciIsImV4cCI6IjYzNzM4MDQ2NTE3MTM3NjE4NCJ9.CCv3a41iPut4eC9jK2eqAzOLP5tWLjMlRgduSkUpS40; expires=Mon, 11 Oct 2021 20:40:17 GMT; path=/; samesite=laxSet-Cookie: Test=Val; path=/Access-Control-Expose-Headers: Set-CookieAs you can see, I included my proper token, as well as just a small test cookie, just to verify whether it would even work with a very simple cookie. Hint, it doesn't.
Here is my request:
Sadly, whatever I try, chrome and e.g. firefox completely ignore my cookies. I didn't yet manage to have a single cookie set, no matter what I try.
I tried it on localhost as well as a *.web.core.windows.net static website now, but I just can't get it to work.
I think my backend is not the culprit, as the response headers seem to be set properly. But something just isn't quite right. I have read up on a lot of threads now mentioning what should be set and what not, I've probably tried them all now. Whether it is the secure flag, the samesite flag, whatever.
What am I missing here?
EDIT: I added a minimal reproducible example at http://www.filedropper.com/cookieproblem
To run:
Navigate to the "CookieProblem" folder containing the CookieProblem.csproj. Open up cmd and run it with "func start" (requires Azure Functions CLI tool)
Now, run the BlazorApp1 in VS. Open the page and keep dev tools open. On load, it should make a request to the locally running function called "Run" in the network tab.
It should now also not set a cookie for you.