I have an issue with
cookie-session when using Firebase Functions in production. I have a React app in Firebase Hosting, and an Express app in Functions (that I'm using as my API), and I've created a template repo that demonstrates this setup for all to see (https://github.com/cjmyles/firebase-react-express).
I'm making fetch calls from the React app to
/api/* (notice the lack of a fully qualified url) and the request is proxied to the API in development mode using the
proxy config value in
package.json; and proxied to the API in production using the
rewrites config value in
This works fine until I start to use sessions. I have some code that mimics a login request using PassportJS where the user information is stored in the session, and this works in development mode, but not in production. I have a feeling it's something to do with the cookies. I'm using
cookie-session in my express app and I've made sure that the
secure flag is set to
true in production (as it's served over https), but I think the cookie isn't being passed to the API properly when the request is proxied via the Firebase
Do I need to add something to
firebase.json to enable
cookie-session in production?