Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.

Set-Cookie header not coming through response header

Avatar

Level 7

When I have an ajax call to an aem sling servlet. 

 

Sling servlet setting a cookie header "Set-Cookie", which is coming through response headers on Author, Publisher.

But on Cloud Front URL, this "Set-Cookie" not coming through response headers.

 

Could some one help me, Do I need to mention what headers allowed from Cloud Front to front end client?

 

Thanks

Sri

6 Replies

Avatar

Community Advisor

That should work without any settings to AEM.

This could help troubleshoot.

Does the cookie have the path parameter to it? That could be an easy miss.

Also, is the cookie trying to set secure flag on a non-secure http host?

 

The set-cookie code that you are forming in the servlet, is the t possible to may be set it using a different method, let's say, set it in JS in browser console.

 

 

Thanks,

Preetpal

Avatar

Level 7

yes path set to "/" and no secure flag as this cookie need to be read by analytics.

Avatar

Community Advisor

In AEM dispatcher you can configure the farm.any, which should include the set-cookie flag
https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-c...

clientheaders
  {
  "CSRF-Token"
  "X-Forwarded-Proto"
  "referer"
  "user-agent"
  "authorization"
  "from"
  "content-type"
  "content-length"
  "accept-charset"
  "accept-encoding"
  "accept-language"
  "accept"
  "host"
  "max-forwards"
  "proxy-authorization"
  "proxy-connection"
  "range"
  "cookie"
  "cq-action"
  "cq-handle"
  "handle"
  "action"
  "cqstats"
  "depth"
  "translate"
  "expires"
  "date"
  "dav"
  "ms-author-via"
  "if"
  "lock-token"
  "x-expected-entity-length"
  "destination"
  "PATH"
  }

 

Avatar

Level 7

I will try this @BrianKasingli thanks! but documentation says "defines a list of HTTP headers that Dispatcher passes from the client HTTP request to the renderer (AEM instance)" 

 

The 'Set-Cookie' headers are response headers from aem publish instance to client browser.

Avatar

Level 7

@BrianKasingli @Preetpal_Bindra issue happening at cloud front level , verified direct dispatcher url and is sending all custom headers. It is cloud front , which is not sending headers from dispatcher to browser. any help on this ?

Avatar

Administrator

@sreenu539 Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni