Phoenix - Conn.assigns empty in production

I am using Axios for my client-side requests. For example:

  1. Logged in client requests DELETE
  2. Router pipes through Auth plug
  3. Auth plug checks if conn.assigns has user
  4. If user exists and has role, delete-action is executed

This works without problems in DEV-mode. The conn.assigns holds my user_id and the request is executed. In PROD-mode, my conn.assigns is empty. I really don’t see the cause of the problem. Could this be caused by my CDN (Cloudflare)?


   axios ({
                                method: 'delete',
                                url: `${Url.value}/removeRegion/${region}`,
                                headers: {
                               'X-Requested-With': 'XMLHttpRequest',
                               'x-csrf-token': document.head.querySelector("[name~=csrf-token[content]").content


plug :authenticate when action in [....]
 def authenticate(conn, _opts) do

  assign = conn.assigns
  if conn.assigns.current_user && conn.assigns.current_user.admin do
    Logger.debug "NO AUTH!!"

–> This errors out since conn.assigns is empty

You mention a CDN but not how exactly you’re using it; have you checked what your server-side app is getting in the Origin header? Getting no session cookie could be a symptom that CORS isn’t set up correctly:

I think you might be right. I see my GET/POST (simple) requests are working, but my DELETE request is not. Strange, because I enabled all methods using Corsica:


 plug Corsica,
       origins: "*",
       allow_methods: :all,
       allow_headers: :all,
       log: [rejected: :error, invalid: :warn, accepted: :debug]