This repo aim to reproduce a strange behavior with wordpress headless and httpOnly cookies. This exemple contains a front in React-Vite, and a back with Fastify.
The backend provide 2 routes:
/loginto create 3 httpOnly cookies/checkthat returns 200 only if those cookies are presents
And the front provide 2 buttons, to fetch both routes. The test simply press the buttons and try to retrieve the response block.
You need to run npm install on both ./front & ./back folders
Then you can run both servers (in separate shells)
# front server
cd front && npm run dev
# back server
cd back && npm run startcd front && npx cypress openThe test should work as expected. (tested on macos Chrome & Electron)
Here is the real issue, where the test will not pass.
To run it, simply go at the root of the project and run:
docker compose up --abort-on-container-exit --exit-code-from cypress --attach cypress- Moving the cookies to SameSite: None & Secure: True
- Adding front url to cors and poli