I've got a POST API endpoint written in Go, and I'm setting a header called Set-Cookie in the Golang response. I've set up cors and the call is returning the correct values. The problem is that the headers in the response are empty. If I look at my network tab, it says that my Set-Cookie header is being returned with the value I'm expecting, it's just in angular that it's empty (see screenshots of the console.log of my response.headers and my network tab).

EDIT

adding a picture of what my cookies look like in chrome on subsequent requests after te Set-Cookie header has been set in golang. Doesn't look like chrome auto sets the cookies.

EDIT

So, it definitely seems like it's a browser issue. When I hit the endpoint with postman the cookie is definitely set. I don't necessarily want to get the cookie in angular, I just want to set the cookie in the browser.

My angular code:

login(user): Subscription {
    return this.http
      .post(`${SERVICE_URL}/login`, user, {
        observe: 'response',
        headers: new HttpHeaders({'Content-Type': 'application/json'})
      })
      .subscribe((response: HttpResponse<any>) => {
       console.log(response.headers);
      }, (response) => {
        this._user$.next(null);
        console.log(response);
      });
  }

my cors settings in the golang server using rs/cors

c := cors.New(cors.Options{
        AllowedMethods: []string{"GET","POST", "PUT", "OPTIONS"},
        AllowedOrigins: []string{"http://localhost:4200", "localhost:4200"},
        AllowedHeaders: []string{"X-Requested-With", "Content-Type", "Authorization", "Set-Cookie"},
        ExposedHeaders: []string{"Set-Cookie"},
        AllowCredentials: true,
    })

</div>

The browser (looks like chrome devtools) will handle the cookie for you. If you go looking in the application tab of the devtools you can find the cookies. If you need to get the value of that header in Angular, I suggest you use a different header. One that the browser doesn't intercept. It is good practise to namespace your header like x-my-header.

There isn't an api in Angular for manipulating the cookies, but there are packages out there that enable it like 'ngx-cookie-service'

Fun fact: I was setting AllowCredentials: true in the response, but I wasn't setting it in the Angular request. You need it in both places for chrome to set the cookie.