Fullstack CourseLearn by building
Back to week 2

Topic

Axios, Nest, and cookies

Definition

Axios must send credentialed requests and Nest must allow credentialed CORS for httpOnly cookie sessions to work across origins.

In simpler words

The browser sends the login cookie; JavaScript does not need to read the JWT.

Axios instances, withCredentials, CORS, and 401 handling.

After this you can

  • Call protected Nest endpoints without storing tokens in localStorage.
  • Explain the trade-off to a teammate using a small example.
  • Name at least one common bug pattern for this topic.

Understand Axios, Nest, and cookies

Axios instances, withCredentials, CORS, and 401 handling.

Start by identifying which value or browser behavior changes. Then describe the UI from that current input instead of editing the DOM as a separate source of truth.

Axios, Nest, and cookies in code

export const api = axios.create({
  baseURL: process.env.NEXT_PUBLIC_API_URL,
  withCredentials: true,
});

Read the example from data and control flow to the resulting UI. Keep the component boundary small.

Apply Axios, Nest, and cookies

Keep rendering as a calculation. Put user-triggered changes in event handlers, preserve UI memory in state, and reserve external synchronization for Effects or the server-state layer.

Name values by their UI meaning, test the loading and error path when data is remote, and avoid keeping two editable copies of the same value.

Ask before adding code: is this local UI memory, shared client state, or Nest-owned server state?

Where bugs hide

Definition

High-bug areas are places where a small API misuse looks correct but produces stale UI, duplicate work, or silent failures.

In simpler words

Each mistake below shows Wrong vs Right code — compare them side by side.

When something misbehaves, match the symptom to a pattern below before rewriting the feature.

Prefer fixing the ownership or update path over adding another Effect or sync step.

Mistake: Forgot withCredentials

// Wrong
axios.get("/tickets")

// Right
axios.get("/tickets", { withCredentials: true })
// or axios.create({ withCredentials: true })

Cross-origin cookies require credentials.

Mistake: JWT in localStorage

// Wrong
localStorage.setItem("token", jwt)

// Right
// Nest httpOnly cookie; browser sends it automatically

HttpOnly cookies keep tokens away from XSS.

Mistake: CORS * with credentials

// Wrong
origin: "*", credentials: true

// Right
origin: "http://localhost:3000", credentials: true

Browsers reject wildcard origin with credentials.

Live playground

Axios, Nest, and cookies sandbox

Change one input at a time and predict the next render.

Browser will send httpOnly cookie to Nest on cross-origin calls.
axios.create({ withCredentials: true })

Keep in mind

  • Keep the formal definition in mind; it explains which tool belongs where.
  • Prefer one source of truth over synchronized copies of the same value.
  • When behavior surprises you, trace: input → update → render → committed UI.
  • Study the Wrong vs Right examples in “Where bugs hide” before you merge.

Test

Check your understanding

At least 10 questions — mix of concept, syntax, practical, and logic. Score ≥ 80% (enforced by the API) to save progress.

Checking your session…

10 questions · concept 3 · syntax 3 · practical 2 · logic 2

Concept1. Which statement best defines Axios and Nest cookies?
Syntax2. Which implementation matches Axios and Nest cookies?
Practical3. When building a feature, when is Axios and Nest cookies the right choice?
Logic4. What reasoning keeps Axios and Nest cookies predictable as values change?
Concept5. Which statement best defines Axios and Nest cookies?
Syntax6. Which implementation matches Axios and Nest cookies?
Practical7. When building a feature, when is Axios and Nest cookies the right choice?
Logic8. What reasoning keeps Axios and Nest cookies predictable as values change?
Concept9. Which statement best defines Axios and Nest cookies?
Syntax10. Which implementation matches Axios and Nest cookies?