Mohsen Mohebbi

Reputation: 77

Can't access HttpOnly cookie from React JS but can access it in the Postman app! How is it possible?

I send a request to the server to log in and get a cookie with a token value with the HttpOnly tag. After this action I cannot access the cookie value in my React app, but I tested it in the Postman app and I can see the cookie there. If I can see it in the Postman app, then I should be able to see it in my app! What is the difference between them? Is there a way to get an HttpOnly cookie in a React app?

[Images: result from request; response from server in Postman]

Upvotes: 7

Views: 23668

Answers (2)

Luis Sieira

Reputation: 31522

That is exactly the purpose of HttpOnly cookies.

The server sends the cookie along with the response; the browser stores it and sends it along with any request to the domain of this cookie. But the browser will prevent any code running on it from accessing it.

Why? This creates a secure way to store sensitive information, such as authentication tokens, preventing any code injected into your page from accessing it.

https://www.owasp.org/index.php/HttpOnly

Upvotes: 17

Meysam

Reputation: 580

You can't have access to HttpOnly cookies in React or any JavaScript framework. You see it in Postman because, in this case, Postman acts like a browser and saves all of the cookies itself, so you can see them.

Upvotes: 2
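The behaviour both answers describe, as an added example that is not part of either answer: a simplified cookie jar that stores every `Set-Cookie` header, sends every cookie back on requests, but hides `HttpOnly` entries from the `document.cookie` view that page script gets. The `CookieJar` class, its method names and the sample header values are assumptions made for illustration.

```javascript
// Simplified model of a browser cookie jar (constructed for illustration;
// real browsers also enforce Domain, Path, Secure, SameSite and expiry).
class CookieJar {
  constructor() {
    this.cookies = new Map(); // name -> { value, httpOnly }
  }

  // Store one Set-Cookie response header value.
  store(setCookieHeader) {
    const [pair, ...attrs] = setCookieHeader.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 1) return; // ignore a malformed header
    const name = pair.slice(0, eq);
    const value = pair.slice(eq + 1);
    const httpOnly = attrs.some((a) => a.toLowerCase() === 'httponly');
    this.cookies.set(name, { value, httpOnly });
  }

  // What the HTTP client attaches to the next request: every cookie.
  requestCookieHeader() {
    return [...this.cookies].map(([n, c]) => `${n}=${c.value}`).join('; ');
  }

  // What page script sees via document.cookie: HttpOnly entries filtered out.
  documentCookie() {
    return [...this.cookies]
      .filter(([, c]) => !c.httpOnly)
      .map(([n, c]) => `${n}=${c.value}`)
      .join('; ');
  }

  // What a jar inspector (Postman's cookie view, browser dev tools) lists.
  inspect() {
    return [...this.cookies].map(([name, c]) => ({ name, ...c }));
  }
}

// Constructed login response headers (sample values, not from the question).
const jar = new CookieJar();
jar.store('token=SAMPLE_TOKEN_VALUE; Path=/; HttpOnly; Secure; SameSite=Strict');
jar.store('theme=dark; Path=/');

console.log('sent to server :', jar.requestCookieHeader());
console.log('document.cookie:', jar.documentCookie());
console.log('jar inspector  :', jar.inspect());
```

In a React app the consequence is to let the browser attach the cookie itself (with `credentials: 'include'` on cross-origin `fetch` calls) and have the server read the token, rather than trying to read it in script.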
