FusionAuth setting wrong domain the the cookie

hamza.chouaibi

I am using custom local domains.

https://auth.domain.test <= FusionAuth
https://app.domain.test <= Angular app

I also tried FusionAuth at https://auth.app.domain.test but I still get the same issue and chrome block the cookie.

I am getting issue with cookies, the domain on cookies is test.

Example: app.at_exp=1742980022; Domain=test; Max-Age=3599; Path=/; SameSite=Lax; Secure

Any idea why we endup wuth Domain=test ?

mark.robustelli

@hamza-chouaibi Can you tell me a little more about how you have FusionAuth configured and what you are trying to do? My assumption is that you are using a JWT. Have you checked the Issuer setting in FusionAuth? Go to Applications -> Edit -> JWT tab.

hamza.chouaibi

@mark-robustelli Thank you for ther reply.

There is my setup.

Local dev environement all running on docker containers with one Nginx acting as proxy for all of them.

All the custom domain are set in /etc/hosts
All domains running on SSL with self signed certificate.

For each test I only change the tld
so it's
Application: https://app.domain.tld
FusionAuth: https://auth.domain.tld

Tested with these .test. .local, .test. and .net

.local, .test amd .internal ending up in errors with the domain test or local

.net, .com and org both woks

for .dev can't even get the SSL to work

We will just use one of the working tld at the moment for all our dev stack.

The only thing in common that I can find for these tls is that they are listed as Reserved domains in https://en.wikipedia.org/wiki/Top-level_domain

mark.robustelli

@hamza-chouaibi Have you been through the FusionAuth and Proxies documentation? Are you sure Nginx has been configured properly?

hamza.chouaibi

@mark-robustelli

Here is a detailed explanation of my tests.

Modifying /etc/hosts

I added the following entries to my /etc/hosts file:

127.0.0.1   auth.domain.test
127.0.0.1   app.domain.test

Nginx Proxy Configuration

Authentication Service

server {
    listen 443;
    server_name auth.domain.test;
    ssl_certificate     /etc/nginx/conf.d/ssl/localhost.crt;
    ssl_certificate_key /etc/nginx/conf.d/ssl/localhost.key;

    location / {
        proxy_pass http://EC2-instance-IP:9011;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header "X-Forwarded-Port" "80";
        proxy_http_version 1.1;
    }
}

Application Service

server {
    listen 443;
    server_name app.domain.test;
    ssl_certificate     /etc/nginx/conf.d/ssl/localhost.crt;
    ssl_certificate_key /etc/nginx/conf.d/ssl/localhost.key;

    location / {
        proxy_pass http://app-container:4200;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Testing Different TLDs

I then replaced the .test TLD with several alternatives to determine which ones worked in this local setup. The tested TLDs and their outcomes are summarized in the table below:

TLD	Result
.local	Failed
.test	Failed
.internal	Failed
.net	Succeeded
.org	Succeeded
.com	Succeeded

Nothing changed in all the tests except the TLDs, so I doubt it's an issue with the proxy.

We deciced to use .net for our local dev env and this working fine now for all our develpers.