django-graphql-jwt JWT_COOKIE_SAMESITE not working
I'm using the Django GraphQL JWT library and Django GraphQL Auth.
I keep getting this Google Chrome error
with this React code (trimmed for relevance) on both http://localhost:3000/ and https://localhost:3000/:
```javascript
const [login] = useMutation(LOGIN_MUTATION, {
  variables: {
    email: email,
    password: password
  },
  onCompleted: ({ tokenAuth }) => {
    if (tokenAuth.success) {
      setToken(tokenAuth.token);
    }
  }
});
```
Now when I run this mutation from the GraphiQL page it works and I end up with a JWT cookie, but not on the React site:
```graphql
mutation {
  tokenAuth(
    email: "********"
    password: "*********"
  ) {
    token
    refreshToken
    success
    errors
  }
}
```
This doesn't work:

```python
GRAPHQL_JWT = {
    "JWT_COOKIE_SAMESITE": 'None',
    "JWT_ALLOW_ARGUMENT": True
}
```
Adding these didn't work:

```python
"CSRF_COOKIE_SECURE": True,
"SESSION_COOKIE_SECURE": True,
"CSRF_COOKIE_SAMESITE": 'None',
"SESSION_COOKIE_SAMESITE": 'None',
"JWT_VERIFY_EXPIRATION": True,
```
Adding these to the Django settings also didn't work:

```python
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_SAMESITE = 'None'
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = 'None'
```
I've been stuck on this for about 3 days now and am about ready to throw myself in a river and go build tables. Please help.
Solution 1:[1]
So the issue is you are using

```python
"JWT_COOKIE_SAMESITE": 'None'
```

which only works if

```python
"JWT_COOKIE_SECURE": True
```

and JWT_COOKIE_SECURE means the cookie will only be sent over an HTTPS connection, and this won't work with an HTTP connection.
Considering you have HTTP and the backend is using the same domain as the frontend, then all you need to add is

```python
"JWT_COOKIE_SAMESITE": 'Lax'
"JWT_COOKIE_SECURE": False
```

Cookies default to “SameSite=Lax”, which means cookies are only set when the domain in the URL of the browser matches the domain of the cookie.
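The rules the answer relies on can be checked without starting Django or a browser. The script below is an added example, not code from the question, the answer or django-graphql-jwt: it models the two browser rules (SameSite=None is only honoured alongside Secure, and a Secure cookie is only stored over https://) and runs the three GRAPHQL_JWT configurations discussed on this page through them. The cookie name `JWT`, the sample token value and the defaults assumed when a key is absent are constructed for the example; the Set-Cookie rendering uses Python's standard-library `http.cookies`.

```python
"""Model of the browser cookie-acceptance rules behind the answer above.

Two rules decide whether a Set-Cookie header ever lands in the cookie jar:
  1. SameSite=None is only honoured together with Secure; a SameSite=None
     cookie without Secure is rejected outright by Chrome.
  2. A Secure cookie is only stored and sent over https://, so on a plain
     http://localhost dev server it silently disappears.
"""
from http.cookies import SimpleCookie

COOKIE_NAME = "JWT"                      # constructed; use the library's configured name
SAMPLE_TOKEN = "constructed.jwt.value"   # constructed placeholder, not a real token


def set_cookie_header(samesite, secure):
    """Render the Set-Cookie attributes for a JWT cookie with the given flags."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = SAMPLE_TOKEN
    morsel = jar[COOKIE_NAME]
    morsel["httponly"] = True            # keeps the token away from page scripts
    morsel["secure"] = bool(secure)      # False -> attribute omitted from the header
    if samesite is not None:
        morsel["samesite"] = samesite
    return morsel.OutputString()


def browser_stores_cookie(samesite, secure, scheme):
    """Return (stored, reason) for a response served over `scheme` ('http' or 'https').

    `samesite` of None means the attribute was not sent, which modern browsers
    treat as Lax (the default the answer mentions).
    """
    effective = (samesite or "Lax").lower()
    if effective == "none" and not secure:
        return False, "SameSite=None without Secure: browser rejects the cookie"
    if secure and scheme != "https":
        return False, f"Secure cookie cannot be set over {scheme}://"
    return True, f"stored (SameSite={effective.capitalize()})"


def audit_graphql_jwt(graphql_jwt_settings, scheme):
    """Check a GRAPHQL_JWT dict the way the browser will, and return a report."""
    # Defaults below (no SameSite attribute, Secure off) are assumed for this
    # example; confirm them in the django-graphql-jwt documentation you run.
    samesite = graphql_jwt_settings.get("JWT_COOKIE_SAMESITE")
    secure = graphql_jwt_settings.get("JWT_COOKIE_SECURE", False)
    stored, reason = browser_stores_cookie(samesite, secure, scheme)
    return {
        "header": set_cookie_header(samesite, secure),
        "stored": stored,
        "reason": reason,
    }


# The three configurations discussed on the page.
QUESTION_CONFIG = {"JWT_COOKIE_SAMESITE": "None", "JWT_ALLOW_ARGUMENT": True}
ANSWER_CONFIG = {"JWT_COOKIE_SAMESITE": "Lax", "JWT_COOKIE_SECURE": False}
CROSS_SITE_HTTPS_CONFIG = {"JWT_COOKIE_SAMESITE": "None", "JWT_COOKIE_SECURE": True}

if __name__ == "__main__":
    cases = [
        ("question", QUESTION_CONFIG),
        ("answer", ANSWER_CONFIG),
        ("cross-site https", CROSS_SITE_HTTPS_CONFIG),
    ]
    for label, cfg in cases:
        for scheme in ("http", "https"):
            report = audit_graphql_jwt(cfg, scheme)
            verdict = "OK" if report["stored"] else "DROPPED"
            print(f"{label:16s} over {scheme:5s}: {report['header']}")
            print(f"{'':16s} -> {verdict}: {report['reason']}")
```

The question's configuration is dropped over both schemes (SameSite=None without Secure), the answer's configuration is stored over plain http, and the SameSite=None plus Secure pair is the one to reach for only when the frontend and API live on different sites and both are served over https.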
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
