The usage environment is node.js, reaction.
The cleanest way on the server is to send a token in a cookie. By the way, if you set httpOnly to true and send the cookie from the server to the browser, the browser cannot access the cookie, so how can I solve this?
They said that if you set httpOnly to false, there could be a CORS problem.
So I couldn't solve it alone, so I put it in the response header and sent it, but it was a method that I didn't like. If there is anyone who knows the solution, please reply.
jwt cookie header token
Should I be able to access JWT cookies from a browser?
HttpOnly cookies are only sent to the (...) server. For example, the (...) session's cookies will be flagged HttpOnly because JavaScript is not required.
JWT is for authentication and authentication is only required between HTTP communication. Therefore, I don't think there's any reason to take out the token itself from the browser. What are the specific scenarios? If you need a necessary transmission value (e.g., your nickname, etc.), it would be better to lower it to a separate cookie or response body.
566 Who developed the "avformat-59.dll" that comes with FFmpeg?
593 Uncaught (inpromise) Error on Electron: An object could not be cloned
592 GDB gets version error when attempting to debug with the Presense SDK (IDE)
567 Understanding How to Configure Google API Key
564 rails db:create error: Could not find mysql2-0.5.4 in any of the sources
© 2024 OneMinuteCode. All rights reserved.