Reputation: 198
AngularJS Refused to set unsafe header "Cookie"
I am using an AngularJS application to make a call to an API using $http. The call to $http is originating from localhost:9000. The API is endpoint is available at localhost:9100/API/v1.0/context...
I am getting an error message saying "Refused to set header Cookie". From what I have read, the browser sets these headers for security reasons and these cannot be configured. According to the similar question heresimilar question here, I have tried enabling crossDomain:true and withCredentials:true but to no effect.
Any answer on why this is happening would be appreciated.
EDIT: Here is the code
$http({
method: method,
url: urlpoint,
headers:headers,
params: query,
crossDomain: true
})
.success(function(data, status, headers, config) {
if (!data || data.length == 0)
data = $rootScope.getLocaleValue("EMPTY_RESPONSE");
operation.result.data = data;
$scope._afterMakeTestCall(operation, status,
headers, config);
});
And in the headers field, I have set
headers['Cookie'] = 'cookieValue="something";';
Upvotes: 0
Views: 1850
Answers (1)
Reputation: 198
After a long time of searching, I came across references stating that browser will not allow to set the Cookie header due to security vulnerabilities. It can only be done through headless browsers.
Upvotes: 1
Related Questions
- Not able to read Set-Cookie response header
- Cookie in header javascript error "Refused to set unsafe header "Cookie""
- Set-Cookie Response Header not setting cookie? Possible path issue
- $http response Set-Cookie not accessible
- Angular-cookies error
- Refused to set unsafe header "Cookie" error in browser yet request is successful
- Angular: Cookie is not created
- Refused to set unsafe header "cookie" and net::ERR_INSECURE_RESPONSE in AngularJS
- AngularJS ignoring Set-Cookie header in certain cases
- AngularJS unable to get HTTP Headers from PHP