The usage environment is node.js, reaction.
The cleanest way on the server is to send a token in a cookie. By the way, if you set httpOnly to true and send the cookie from the server to the browser, the browser cannot access the cookie, so how can I solve this?
They said that if you set httpOnly to false, there could be a CORS problem.
So I couldn't solve it alone, so I put it in the response header and sent it, but it was a method that I didn't like. If there is anyone who knows the solution, please reply.
jwt cookie header token
Should I be able to access JWT cookies from a browser?
HttpOnly cookies are only sent to the (...) server. For example, the (...) session's cookies will be flagged HttpOnly because JavaScript is not required.
JWT is for authentication and authentication is only required between HTTP communication. Therefore, I don't think there's any reason to take out the token itself from the browser. What are the specific scenarios? If you need a necessary transmission value (e.g., your nickname, etc.), it would be better to lower it to a separate cookie or response body.
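The split described in the answer above, as an added example that is not part of the original thread: the JWT travels only in an HttpOnly cookie, and the value the client needs (the nickname) goes in the response body. The function names, the cookie name `token`, the secret and the hand-rolled HS256 signer are assumptions made for illustration; a real service would normally use a JWT library.

```javascript
// Added example: names, secret and sample user are constructed, not from the thread.
const crypto = require('node:crypto');

const SECRET = 'demo-secret-change-me'; // constructed; load from configuration in practice
const b64url = (v) => Buffer.from(v).toString('base64url');

// Minimal HS256 JWT signer (stands in for a JWT library).
function signJwt(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the payload, or null if the signature is wrong or the token has expired.
// The header's alg field is ignored on purpose: verification is always HMAC-SHA256.
function verifyJwt(token, secret = SECRET) {
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) return null;
  const want = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const got = Buffer.from(sig, 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  return payload.exp > Math.floor(Date.now() / 1000) ? payload : null;
}

// Login: the token goes in an HttpOnly cookie, display data goes in the JSON body.
function loginResponse(user, ttlSeconds = 900) {
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const token = signJwt({ sub: user.id, exp });
  return {
    headers: { 'Set-Cookie': `token=${token}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=${ttlSeconds}` },
    body: { nickname: user.nickname }, // the only part client-side JavaScript reads
  };
}

// Later requests: the browser attaches the cookie itself; only the server reads it.
function authenticate(cookieHeader = '') {
  const pair = cookieHeader.split(';').map((c) => c.trim()).find((c) => c.startsWith('token='));
  return pair ? verifyJwt(pair.slice('token='.length)) : null;
}
```

If the front end is served from a different origin than the API, the browser only sends the cookie when the request is made with `credentials: 'include'` and the server responds with `Access-Control-Allow-Credentials: true` and an explicit `Access-Control-Allow-Origin`.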