Question about JWT browser server-to-server transfer.

Asked 2 years ago, Updated 2 years ago, 126 views

The environment is Node.js and React.

The cleanest way on the server is to send the token in a cookie. However, if you set httpOnly to true and send the cookie from the server to the browser, the browser cannot access the cookie, so how can I solve this?

They said that if you set httpOnly to false, there could be a CORS problem.

I couldn't solve it on my own, so I put it in the response header and sent it, but I didn't like that method. If anyone knows a solution, please reply.

jwt cookie header token

2022-09-22 18:48

1 Answer

Should I be able to access JWT cookies from a browser?

HttpOnly cookies are only sent to the (...) server. For example, the (...) session's cookies will be flagged HttpOnly because JavaScript is not required. Source: MDN

JWT is for authentication, and authentication is only required in HTTP communication. Therefore, I don't think there's any reason to take the token itself out in the browser. What are the specific scenarios? If you need to pass a value to the client (e.g., your nickname), it would be better to send it down in a separate cookie or in the response body.


2022-09-22 18:48
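The flow the answer describes, as an added example that is not part of the original answer: the JWT travels only in an HttpOnly cookie, display values go in the response body, and the server reads the token back from the `Cookie` header. The cookie name `access_token`, its attributes, the placeholder token and the simplified browser model (`storeCookie`, `documentCookie`, `cookieHeader`) are assumptions made for illustration.

```javascript
// Added example: names and the token value below are constructed.
const TOKEN = 'header.payload.signature'; // placeholder for a JWT signed elsewhere

// Server, on login: the JWT goes only into an HttpOnly cookie; values the UI
// needs to display (e.g. nickname) go into the JSON body.
function buildLoginResponse(token, profile) {
  return {
    status: 200,
    headers: {
      'Set-Cookie': `access_token=${token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=900`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ nickname: profile.nickname }),
  };
}

// Simplified browser model: store a cookie and remember whether it was HttpOnly.
function storeCookie(jar, setCookie) {
  const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  jar.set(pair.slice(0, eq), {
    value: pair.slice(eq + 1),
    httpOnly: attrs.some((a) => a.toLowerCase() === 'httponly'),
  });
  return jar;
}

// What page script sees through document.cookie: HttpOnly entries are hidden.
function documentCookie(jar) {
  return [...jar].filter(([, c]) => !c.httpOnly).map(([n, c]) => `${n}=${c.value}`).join('; ');
}

// What the browser attaches to the next HTTP request: every cookie, HttpOnly included.
function cookieHeader(jar) {
  return [...jar].map(([n, c]) => `${n}=${c.value}`).join('; ');
}

// Server, on later requests: read the token back out of the Cookie header.
function tokenFromRequest(headers) {
  for (const part of (headers.cookie || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq).trim() === 'access_token') return part.slice(eq + 1).trim();
  }
  return null;
}
```

The React code never touches the token: it reads the nickname from the response body, and the browser attaches the cookie to later requests on its own.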
