Set localStorage in different domains

0

I have three applications:

1. Login (running on port 8080) with very simple jQuery

2. API (running on port 4000) with Nodejs

3. Web (which runs on port 4200) with Angular

When I log in and click "Log In", it will call the API, validate if the user exists, if success will return a token from JWT. When I return this token, I need to set it to localStorage, then redirect to the web application.

The problem with this is that they are different ports, so if I get to the localStorage of the login application and then redirect to the web application, the token will no longer exist in the localStorage.

How can I solve this problem?

    
asked by anonymous 13.03.2018 / 11:08

1 answer

0

The localStorage() API is executed by the browser on the " Same Source Policy > "(Same-Source) so even though the application runs in the same domain (example.com), doors and subdomains are treated as different sources.

To get around this you can work on some solution that uses <iframe> and postMessage() to be able to synchronize localStorage() data.

There are several libraries that do exactly this, for example, Cross Domain Local Storage , however, if your the only purpose is to check the token simply save this token on a cookie that it will be available for all domains, subdomains, and ports.

It's worth remembering that JWT tokens have time stamps for validation as well as you could create some basis for tracking dispatched and used tokens.

You can remove cookie as soon as you use the token, if you use this approach, do not forget to use a cookie on the HTTPONLY flags (for the server only), SECURE (TLS only) and even SAMESITE .

    
13.03.2018 / 11:41