- My goal: Use the `COOKIE_` substitution syntax to automatically pass a browser cookie value into the Authorization header of a REST API request. The cookie name is `mycookie-staging` and needs to be sent as `Authorization: Basic <cookie_value>`.
- Issue: The `COOKIE_mycookie-staging` syntax is not being substituted with the actual cookie value. When I use `Authorization: Basic COOKIE_mycookie-staging` in the Headers section, the request fails with a 401 Unauthorized error. However, when I manually paste the cookie value instead of using `COOKIE_`, the request succeeds.
- What works:
  - Cookie without hyphen: `mycookie` → `COOKIE_mycookie`
  - Manual value: `Authorization: Basic xxx`
  - Same curl request with the cookie works perfectly
- What doesn't work:
  - `COOKIE_mycookie-staging`
  - `COOKIE_mycookie_staging`
- Retool version & hosting setup: Self-hosted v3.300.4-stable on K8s
Hi @Nikita_Khalezin,
That is very interesting that Cookie without the hyphen does work. Seems like this may be a bug that I can report to our engineering team.
Does cookie without a hyphen work for your use case or do you need to find a workaround?
Hi @Jack_T,
In our case, we use different cookie names per environment:
- production → `mycookie`
- staging → `mycookie-staging`
Because of this, everything works fine in production (since COOKIE_mycookie is correctly substituted).
However, in staging, the substitution does not work with COOKIE_mycookie-staging, so the Authorization header is not populated correctly.
As a workaround, we currently have to manually copy the value from mycookie-staging into a mycookie cookie in the browser. Only after that does COOKIE-based auth work in Retool.
So yes, we found a workaround, but it is quite inconvenient and error-prone. It would be great if support for hyphenated cookie names in the COOKIE_ substitution syntax could be fixed.
Thank you for elaborating @Nikita_Khalezin,
I can definitely make a ticket for our engineers to take a look at this.
I will let you know if we have any ideas for workarounds in the short term as well.