Question

Couldn't set cookies from nextjs server side action

I use supabase with nextjs framework. I have login page with server actions to log in users, where supabase get access token and set cookies with it.

I deployed my application to another cloud, and setting cookies works well. I can see set-cookie header wtih value

sb-zmbssfhrczgtqvdzwswf-auth-token=%7B%22access_token%22%3A%22eyJhbGciOiJIUzI1NiIsImtpZCI6Iml6UC94dFNad3FaQ1JWUFQiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJhdXRoZW50aWNhdGVkIiwiZXhwIjoxNzA3MjEyNDkxLCJpYXQiOjE3MDcyMDg4OTEsImlzcyI6Imh0dHBzOi8vem1ic3NmaHJjemd0cXZkendzd2Yuc3VwYWJhc2UuY28vYXV0aC92MSIsInN1YiI6ImE0NWQzNWE0LTZkZGYtNDYxNC1iMGMzLTZhMDcyMTZlYTcwOCIsImVtYWlsIjoiemRrYXNrYUBnbWFpbC5jb20iLCJwaG9uZSI6IiIsImFwcF9tZXRhZGF0YSI6eyJwcm92aWRlciI6ImVtYWlsIiwicHJvdmlkZXJzIjpbImVtYWlsIl19LCJ1c2VyX21ldGFkYXRhIjp7fSwicm9sZSI6ImF…a07216ea708%22%7D%2C%22provider%22%3A%22email%22%2C%22last_sign_in_at%22%3A%222024-02-01T14%3A34%3A09.508136Z%22%2C%22created_at%22%3A%222024-02-01T14%3A34%3A09.508192Z%22%2C%22updated_at%22%3A%222024-02-01T14%3A34%3A09.508192Z%22%2C%22email%22%3A%22zdkaska%40gmail.com%22%7D%5D%2C%22created_at%22%3A%222024-02-01T14%3A34%3A09.499934Z%22%2C%22updated_at%22%3A%222024-02-06T08%3A41%3A31.28662Z%22%7D%7D; Path=/; Expires=Mon, 09 Jun 3023 08:41:31 GMT; Max-Age=31536000000; Domain=.ondigitalocean.app; SameSite=lax

But the application which deployed to digitalocean as “App” returns following set-cookie header by the same request:

__cf_bm=Mx0LEoJPQzW96i2loQdBUbL2TcHgCjgZLynQ1wMKTpA-1707208674-1-AYXsfeVy1LvJdVqTO5Dtu2/fob1AFCwurePeY407SEOW6bqUo86Eg76qv6J0HAGndJyNvV24MNnWBIi6d7v9eQg=; path=/; expires=Tue, 06-Feb-24 09:07:54 GMT; domain=.ondigitalocean.app; HttpOnly; Secure; SameSite=None

This looks like the cloudflare remove my set-cookie headers. Could I configure this behaviour?


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I was running into the same exact problem. P.S. I am using ExpressJS.

What worked for me:

app.set('trust proxy', 1) // trust first proxy

This comment has been deleted

    Did you find any solution to this?

    Try DigitalOcean for free

    Click below to sign up and get $200 of credit to try our products over 60 days!

    Sign up

    Featured on Community

    Get our biweekly newsletter

    Sign up for Infrastructure as a Newsletter.

    Hollie's Hub for Good

    Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

    Become a contributor

    Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

    Welcome to the developer cloud

    DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

    Learn more