JWT token not being sent in production (Django REST Framework & Next.js 14)

I'm facing an issue where JWT tokens are not being sent from the client to the server in my production environment. The project consists of a Django REST Framework backend and a Next.js frontend. Everything works fine in the development (127.0.0.1) environment, but in production, the JWT token stored in the cookies is not being sent back to the server.

Project Setup: Backend (Django) Settings: Here are my relevant settings in settings.py:

REST_AUTH = {
    'JWT_AUTH_COOKIE': 'token',
    'JWT_AUTH_REFRESH_COOKIE': 'refresh_token',
    'JWT_AUTH_SECURE': True,  # Enabled for production
    'JWT_AUTH_HTTPONLY': True,
    'JWT_AUTH_SAMESITE': 'None',
}

CORS_ALLOW_CREDENTIALS = True
CORS_ALLOWED_ORIGINS = [
    '',  # My frontend domain
]

Frontend (Next.js) Configuration: On the client side, I'm sending requests using fetch as follows:

fetch("/auth/login", {
    method: "POST",
    credentials: "include",  // Ensure cookies are sent
    headers: {
        "Content-Type": "application/json"
    },
    body: JSON.stringify({ username, password })
});

Environment: Frontend URL: Backend URL: Browser: Chrome (latest version) HTTPS is enabled for both frontend and backend.

Why aren't the cookies being sent in subsequent requests? What could be causing this issue, and how can I fix it?

Programmer puzzle solving

JWT token not being sent in production (Django REST Framework & Next.js 14) - Stack Overflow

Articles related to this article

comment list (0)