admin管理员组文章数量:1323336
I have a JWT token that I'd like to store in a cookie. The cookie needs to have at least HttpOnly flag set, but I would also want to set the Secure flag to true.
From the angular docs I know I can store my token in cookies like this:
// using 'ngCookies'
createToken(jwt_token) {
$cookies.put('jwt', jwt_token);
},
retrieveToken() {
return $cookies.get('jwt');
}
But it's not clear how I can specify the HttpOnly and Secure flags. The docs say it has an options field for put()
and get()
, but then it mentions $cookiesProvider
. I'm not sure how that fits in, or where it should be declared, or if it needs to be set every time I do a put()
or get()
?
So would it be something like:
createToken(jwt_token) {
$cookiesProvider['domain'] = 'www.mydomain';
$cookiesProvider['secure'] = true;
$cookies.put('jwt', jwt_token);
},
retrieveToken() {
$cookiesProvider['domain'] = 'www.mydomain';
$cookiesProvider['secure'] = true;
return $cookies.get('jwt');
}
Or is that pletely wrong? I didn't see any HttpOnly flag either, but I do see domain
which I set to www.mydomain
. Is that equivalent to HttpOnly = true?
I have a JWT token that I'd like to store in a cookie. The cookie needs to have at least HttpOnly flag set, but I would also want to set the Secure flag to true.
From the angular docs I know I can store my token in cookies like this:
// using 'ngCookies'
createToken(jwt_token) {
$cookies.put('jwt', jwt_token);
},
retrieveToken() {
return $cookies.get('jwt');
}
But it's not clear how I can specify the HttpOnly and Secure flags. The docs say it has an options field for put()
and get()
, but then it mentions $cookiesProvider
. I'm not sure how that fits in, or where it should be declared, or if it needs to be set every time I do a put()
or get()
?
So would it be something like:
createToken(jwt_token) {
$cookiesProvider['domain'] = 'www.mydomain.';
$cookiesProvider['secure'] = true;
$cookies.put('jwt', jwt_token);
},
retrieveToken() {
$cookiesProvider['domain'] = 'www.mydomain.';
$cookiesProvider['secure'] = true;
return $cookies.get('jwt');
}
Or is that pletely wrong? I didn't see any HttpOnly flag either, but I do see domain
which I set to www.mydomain.
. Is that equivalent to HttpOnly = true?
- Possible duplicate of Set a cookie to HttpOnly via Javascript – Ayoub Kaanich Commented Nov 20, 2016 at 11:23
1 Answer
Reset to default 5You can't do this using ngCookies. A HttpOnly
cookie can't be created from JavaScript, the alternative however, is to make an ajax query to the server that will add a Set-Cookie
HTTP response.
Related: Set a cookie to HttpOnly via Javascript
本文标签: javascriptHow to set httpOnly flag in ngCookiesStack Overflow
版权声明:本文标题:javascript - How to set httpOnly flag in ngCookies? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742136987a2422413.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论