Question about JWT browser server-to-server transfer.

Asked 2 years ago, Updated 2 years ago, 129 views

The usage environment is node.js, reaction.

The cleanest way on the server is to send a token in a cookie. By the way, if you set httpOnly to true and send the cookie from the server to the browser, the browser cannot access the cookie, so how can I solve this?

They said that if you set httpOnly to false, there could be a CORS problem.

So I couldn't solve it alone, so I put it in the response header and sent it, but it was a method that I didn't like. If there is anyone who knows the solution, please reply.

jwt cookie header token

2022-09-22 18:48

1 Answers

Should I be able to access JWT cookies from a browser?

HttpOnly cookies are only sent to the (...) server. For example, the (...) session's cookies will be flagged HttpOnly because JavaScript is not required.Source: MDN

JWT is for authentication and authentication is only required between HTTP communication. Therefore, I don't think there's any reason to take out the token itself from the browser. What are the specific scenarios? If you need a necessary transmission value (e.g., your nickname, etc.), it would be better to lower it to a separate cookie or response body.

2022-09-22 18:48

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

881 /usr/bin/google-chrome:symbol lookup error:/usr/bin/google-chrome: undefined symbol:gbm_bo_get_modifier

592 Scrap text information after the "View More" button when searching in the Yahoo! News search window

576 Who developed the "avformat-59.dll" that comes with FFmpeg?

573 rails db:create error: Could not find mysql2-0.5.4 in any of the sources

584 PHP ssh2_scp_send fails to send files as intended

© 2024 OneMinuteCode. All rights reserved.